> in 2023, Google renames their chatbot from Bard to [Gemini][gemini] thereby completely eclipsing the 4-year-old independent protocol by the same name; this is possibly coincidental, which would make it the only unintentional attack on the open web by Google in the last 15 or so years —and at this point even that is doubtful;
So the theory is that Google chose the name of its AI -- easily one of the hardest and most revenue-impacting naming decisions it's made in years -- in order to create a name collision with a protocol nobody's heard of that's trying to revive GOPHER?
This is so obviously false that you have to re-read the rest of the article with the knowledge that the author is misunderstanding what they're seeing.
Much of what the author describes is increasing security and not wanting to work with XML.
morkalork · 1h ago
Yahoo Gemini Ads team in shambles right now when nobody remembers they even existed.
owebmaster · 2h ago
Did you at least read the excerpt you posted? It says the opposite of your conclusion, this is not even the worse interpretation of what was said, it's plain false.
TheCraiggers · 2h ago
I suppose the definition of intentional is a bit murky here.
Yeah, you're right that Google probably didn't look at a list of open web technologies that they disagree with and choose one for their new tool. I guess I'll call that "malicious intention".
I'm sure that, however the name was picked, Google's lawyers looked for prior uses of the name. I'm sure it came up, and Google shrugged its shoulders in indifference. Maybe someone brought up the fact this would hurt some open standard or whatever, but nobody in power cared. Is this the same kind of malicious? Probably not, but it still shows that Google doesn't care about the open web and the collateral damage they cause.
ants_everywhere · 1h ago
surely the lawyers found far more name clashes with Bard than Gemini
Ok, but were they open web standards? That's the topic at hand here. Regardless, that just shows Google doesn't care.
isodev · 3h ago
I love the little historical overview in the post. With more than 25 years of hindsight, the push against user-centred standards is so obvious. W3C is always better than whatever coolaid-du-jour big corps wants you to drink because (at the very least), someone actually thinks "how is this going to affect people using it" as opposed to Google/Apple's approach "How is this going to affect our revenue".
StopDisinfo910 · 2h ago
To be honest, in my recollection, in 2013 what the W3C was doing was actually seen as user hostile and HTML5 was seen as a good thing for users.
Part of the community really hated XHTML and its strictness. I remember Mozilla being at the vanguard then rather than Google.
I think the situation was and is a lot more messy and complicated than what the article presents but presenting it fully would make for a less compelling narrative.
As is I don’t really buy it personally.
newyorkahh · 38m ago
Hostile actions would be IE’s strategy for monopolizing browser in 90s and Google paying Apple and Mozilla to monopolize search starting in 2004, killing off Reader in 2013.
Taking over standards groups is a gray area with tradeoffs. It helped Google preserve monopoly in search but clearly devs and the web benefited as well.
XHTML2 was panned because it was super strict without clear benefits. Keeping HTML backwards compatible is clearly a very good thing. I don’t fully understand the author’s passion for XSLT- it’s cumbersome and it wasn’t popular with devs.
I agree with the headline and some aspects but XML is a bad hill to die on and much of the writing is hyperbolic and more than a little out of touch.
Devasta · 7m ago
> Part of the community really hated XHTML and its strictness.
A big part of this is that people were concatenating XML together manually, to predictable disaster.
Nowadays they use JSX and TypeScript, far more strict than XML ever was, and absolutely love it.
api · 2h ago
Nobody pays for anything with user centric standards. If software were free to produce and services were free to run this would work, but it doesn’t. Software in particular is incredibly time consuming and expensive, especially if you want to make it usable.
wobfan · 2h ago
> Nobody pays for anything with user centric standards.
???
Why do you think this?
api · 2h ago
Do people buy chat apps? Web browsers? Web servers? Web content? Clients or servers for other open standards?
No, which means you’ll never see them get the level of polish or investment that closed stuff gets. Because when it’s closed you can make people pay or monetize it with advertising.
I’m not cheering for this. Don’t shoot the messenger. I’m pointing out why things are this way.
A major problem is that while free software efforts can build working software, it often takes orders of magnitude more work to make software mere mortals can use. That kind of UI/UX polish is also the work programmers hate doing, so you have to pay them to do it. Therefore closed stuff always wins on UI/UX. That means it always takes the network effect. UX polish is the moat that free has never been able to cross.
newyorkahh · 31m ago
You’re right, but browsers are free because their cost is a drop in the bucket compared to the profits a monopolized browser status quo provides, for Windows/Office in 90s snd search/ads with Google. MS started it with free IE and Google improved upon their strategy.
JumpCrisscross · 2h ago
> Do people buy chat apps? Web browsers? Web servers? Web content?
Yes. (Slack. Orion. Since when were servers free?)
The web basically fractures into people who watch ads and complain about paywalls and those who don’t.
scarface_74 · 1h ago
People don’t buy Slack. Corporations do. They also buy Teams…
JumpCrisscross · 1h ago
> People don’t buy Slack. Corporations do.
One, corporate cash is just as good as people cash. Two, people absolutely paid for WhatsApp before it was acquired. And three, I am a people and I personally pay for Microsoft 365 and on occasion have used Teams.
scarface_74 · 1h ago
B2B sales by definition is where the buyer is not the user. The software doesn’t have to be anything the end user wants or have a good user experience. In corporate sells, it often just has to be in the right upper quadrant of Gartner’s Magic Square.
They definitely weren’t bought by corporations because they care about open standards or great UX.
JumpCrisscross · 27m ago
> weren’t bought by corporations because they care about open standards or great UX
OP said open products lose because they lack “UI/UX polish.”
api · 56m ago
Slack is an example of a user-centric open protocol?
Slack proves my point. It's closed and vertically integrated and people pay for it. Nobody paid for the open precursors to Slack so they stagnated.
JumpCrisscross · 31m ago
> Slack is an example of a user-centric open protocol?
No, it’s a thing people pay for and thus which attracts investment. Despite its UI/UX being perennially trashed.
piva00 · 2h ago
People definitely do pay for it when it's available, even more at the core of this issue is that people would prefer alternatives that are open, where their data can be easily ported to some competitor service if it's better which directly affects the bottomline from companies that push against open standards.
I think you got it clearly reversed in your mind...
api · 2h ago
They prefer it but they don’t pay for it.
sharpfuryz · 3h ago
The article is about intentional killing XSLT/XML in the browser. I think it is evolutionary: devs switched to JSON, AI agents don't care at all - they can handle anything; XML just lost naturally, like GOPHER
isodev · 2h ago
The problem is not XML vs. JSON. This is not about choosing the format to store a node app's configuration. This is about an entire corpus of standards, protocols that depend on this. The root problem for me is:
1) Google doing whatever they want with matters that affect every single human on the planet.
2) Google running a farse with "public feedback" program where they don't actually listen, or in this case ask for feedback after the fact.
3) Google not being truthful or introspective about the reasons for such a change, especially when standardized alternatives have existed for years.
4) Honestly, so much of standard, interoperable "web tech" has been lost to Chrome's "web atrocities" and IE before that... you'd think we've learned the lesson to "never again" have a dominant browser engine in the hands of a "for profit" corp.
StopDisinfo910 · 1h ago
The narrative would be more compelling to me if Google didn’t fail to impose their technology on the web so many times.
NaCL? Mozilla won this one. Wasm is a continuation of asm.js.
Dart? It now compiles to Wasm but has mostly failed to replace js while Typescript filled the niche.
Sure, Google didn’t care much for XML. They had a proper replacement for communication and simple serialisation internally in protobuf which they never actually try to push for web use. Somehow json ended up becoming the standard.
I personally don’t give much credit to the theory of Google as a mastermind patiently under minding the open web for years via the standards.
Now if we talk about how they have been pushing Chrome through their other dominant products and how they have manipulated their own products to favour it, I will gladly agree that there is plenty to be said.
rapnie · 2h ago
Yes, this is the real issue, and it is a pity so many comments delve into json vs. xml and not on the title stating that "google is killing the open web". A new stage of the web is forming where Big Tech AI isn't just chatbots, but matured to offer fully operational end-to-end services. All AI-operated and served, up to tailor-made domain-specific UI. Then the corporations, winners in their market, don't have a need for open web anymore to slurp data from. All open web data absorbed, now fresh human creativity flows in exclusively via these service, directly feeding the AI systems.
quietbritishjim · 1h ago
There are a lot of comments focusing more on the specifics of XML and XSLT because that's what much of the article laboriously drones on about, despite its general title.
diggan · 2h ago
> XML just lost naturally, like GOPHER
Lost? The format is literally everywhere and a few more places. Hard to say something lost when it's so deeply embedded all over the place. Sure, most developers today reach for JSON by default, but I don't think that means every other format "lost".
Not sure why there is always such a focus on who is the "winner" and who is the "loser", things can co-exists just fine.
sharpfuryz · 2h ago
Do you use it daily in browser?
aragilar · 1h ago
Yes, RSS.
TiredOfLife · 53m ago
Which browser? Firefox and Chrome have no support
jeroenhd · 2h ago
Tons of APIs and applications work with XML. XSLT less so; that's more of a backend language.
MrVandemar · 2h ago
Immaterial. If the answer is either 'yes' or 'no', it makes no actual difference: gopher still exists, is still a thing, is still successful. It feels like you're just trying to move the goal-posts and redefine what 'lose' means and trying to lure the poster into a "gotcha".
sharpfuryz · 1h ago
It's not about a "gotcha."
Browsers once supported the GOPHER protocol but dropped it around a decade ago. This serves as an analogy: if users don't use XSLT/XML daily, browsers may eventually drop support for XSLT - supporting features cost money
mattlondon · 2h ago
+1 I think XML "lost" some time ago. I really doubt anyone would chose to use it for anything new these days.
I think, from my experience at least, that we keep getting these "component reuse" things coming around "oh you can use Company X's schema to validate your XML!" "oh you can use Company X's custom web components in your web site!" etc etc yet it rarely if ever seems to be used. It very very rarely ever feels like components/schemas/etc can be reused outside of their intended original use cases, and if they can they are either so trivially simple it's hardly worth the effort, or they are so verbose and cumbersome and abstracted trying to be all things to all people then it is a real pain to work with. (And for the avoidance of doubt I don't mean things like tailwind et Al here)
I'm not sure who keeps dreaming these things up with this "component reuse" mentality but I assume they are in "enterprise" realms where looking busy and selling consulting is more important than delivering working software that just uses JSON :)
NoboruWataya · 2h ago
It may be that nobody would choose XML as the base for their new standard. But there are a ton of existing standards built around XML that are widely used and important today. RSS, GPX, XMPP, XBRL, XSLT, etc. These things aren't being replaced with JSON-based open standards. If they die, we will likely be left without any usable open standards in their respective niches.
roenxi · 2h ago
Looking at the list, what actually jumps out at me is there is probably a gap in the world of standards for a JSON-based replacement to RSS. Looking it up someone came up with the idea of https://www.jsonfeed.org/ and hopefully it gains traction.
In hindsight, it is hard to imagine a JSON-based RSS-style standard struggling to catch. The first project every aspiring JS developer would be doing is how to add a feed to their website.
bayindirh · 2h ago
> I really doubt anyone would chose to use it for anything new these days.
I use it to store complex 3D objects. It works surprisingly well.
temporallobe · 2h ago
XML might have “lost” but it’s still a format being used by many legacy and de novo projects. Transform libraries are also alive and well, some of them coming with hefty price tags.
weinzierl · 2h ago
"I really doubt anyone would chose to use it for anything new these days."
Funny how went from "use it for everything" (no matter how suitable) to "don't use it for anything new" in just under two decades.
To me XML as a configuration file format never made sense. As a data exchange format it has always been contrived.
For documents, together with XSLT (using the excellent XPath) and the well thought out schema language RelaxNG it still is hard to beat in my opinion.
bryanrasmussen · 2h ago
probably nobody would choose it for anything new because the sweet spots for XML usage have all already been taken, that said if someone was to say hey we need to redo some of these standards they can of course find ways to make JSON work for some standards that are XML nowadays, but for a lot of them JSON would be the absolute worst and if you were redoing them you would use XML to redo.
basically anything that needs to combine structured and unstructured data and switch between the two at different parts of your tree are probably better represented as XML.
ongy · 1h ago
EAD does indeed look like a good example of why we shouldn't use XML.
bryanrasmussen · 1h ago
hah hah yeah, these scoped content examples would be a joy to do in JSON
Yes. A sane schema that actually encapsulates the data would be a lot easier to read.
Earlier I had only seen the mix of values in body and values in tags.
With one even being a tag called "value".
Thanks for showing more examples of XML being used to write unreadable messes.
ekianjo · 2h ago
LLMs produce much more consistent XML than JSON because JSON is a horrible language that can be formatted in 30 different ways with tons of useless spaces everywhere, making for terrible next token prediction.
MrVandemar · 2h ago
> I really doubt anyone would chose to use it for anything new these days.
Use the correct tool for the job. If that tool is XML, then I use it instead of $ShinyThing.
bryanrasmussen · 1h ago
I have a hilarious example of this. I was hired to consult at a large company that had "configurators" which were applications that decided all sorts of things for if you were building a new factory and needed to use this company's stuff for your factory, so for example one configurator would be a search for replacement part in your area - so if you are building a factory in Asia but you want to use a particular part but that part is has export restrictions for it from the U.S where it is manufactured you would use this tool to pick out the appropriate replacement part made somewhere in Asia.
They had like 50 different configurators built at different times using different tech etc. (my memory is a bit fuzzy here as to how many they had etc. but it was a lot) So of course they wanted to make a solution for putting their codebase together and also make it easy to make new configurators.
So they built a React application to take a configurator input format that would tell you how to build this application and what components to render and blah blah blah etc.
Cool. But the configurator format was in JSON so they needed to make an editor for their configurator format.
They didn't have a schema or anything like this they made up the format as they went along, and they designed the application as they went along by themselves, so application designed by programmers with all the wonder that description entails.
That application at the end was just a glorified tree editor that looked like crap and of course had all sorts of functionality behavior and design mixed in with its need to check constraints for outputting a particular JSON structure at a particular point. Also programmed in React.
There was about 10 programmers, including several consultants who had worked on this for over a year when I came along, and they were also shitting bricks because they had only managed to port over 3 configurators, and every time they ported a new one they needed to add in new functionality to the editor and the configurator compiler, and there was talk of redesigning the whole configurator editor cause it sucked to use.
Obviously the editor part should have been done in XML. Then people could have edited the XML by learning to use XML spy, they could have described their language in XML schema real easy, and so forth.
But no they built everything in React.
The crowning hilarity - this application at most would ever be used by about 20 people in the world and probably not more than 10 people at all.
I felt obligated by professional pride (and also by the fact that I could see no way could this project keep being funded indefinitely so it was to my benefit to make things work) to explain how XML would be a great improvement over this state of affairs but they wouldn't hear of it.
After about 3 months on it was announced the project would be shut down in the next year. All that work wasted on an editor that could probably have been done by one expert in a month's time.
bayindirh · 2h ago
XML is not a file format only. It's a complete ecosystem built around that file. Protocols, verifiers, file formats built on top of XML.
You can get XML and convert it to everything. I use it to model 3D objects for example, and the model allows for some neat programming tricks while being efficient and more importantly, human readable.
Except being small, JSON is worst of both worlds. A hacky K/V store, at best.
ongy · 2h ago
Calling XML human readable is a stretch. It can be with some tooling, but json is easier to read with both tooling and without.
There's some level of the schema being relevant to how human readable the serialization is, but I know significantly fewer people that can parse an XML file by sight than json.
Efficient is also... questionable. It requires the full turing machine power to even validate iirc. (surely does to fully parse).
by which metric is XML efficient?
StopDisinfo910 · 1h ago
> Calling XML human readable is a stretch.
That’s always been the main flaw of XML.
There are very few use case where you wouldn’t be better served by an equivalent more efficient binary format.
You will need a tool to debug xml anyway as soon as it gets a bit complex.
bayindirh · 1h ago
A simple text editor of today (Vim, KATE) can real-time sanity check an XML file. Why debug?
StopDisinfo910 · 1h ago
Because issue with XML are pretty much never sanity check. After all XML is pretty much never written by hand but by tools which will most likely produce valid xml.
Most of the time you will actually be debugging what’s inside the file to understand why it caused an issue and find if that comes from the writing or receiving side.
It’s pretty much like with a binary format honestly. XML basically has all the downside of one with none of the upside.
bayindirh · 57m ago
I mean, I found it pretty trivial to write parsers for my XML files, which are not simple ones, TBH. The simplest one of contains a bit more than 1700 lines.
It's also pretty easy to emit, "I didn't find what I'm looking for under $ELEMENT" while parsing the file, or "I expected a string but I got $SOMETHING at element $ELEMENT".
Maybe I'm distorted because I worked with XML files more than decade, but I never spent more than 30 seconds while debugging an XML parsing process.
Also, this was one of the first parts I "sealed" in the said codebase and never touched it again, because it worked, even if the coming file is badly formed (by erroring out correctly and cleanly).
bayindirh · 1h ago
By efficiency, I mean it's text and compresses well. If we mean speed, there are extremely fast XML parsers around see this page [0] for state of the art.
For hands-on experience, I used rapidxml for parsing said 3D object files. A 116K XML file is parsed instantly (the rapidxml library's aim is to have speed parity with strlen() on the same file, and they deliver).
Converting the same XML to my own memory model took less than 1ms including creation of classes and interlinking them.
This was on 2010s era hardware (a 3rd generation i7 3770K to be precise).
Verifying the same file against an XSLT would add some milliseconds, not more. Considering the core of the problem might took hours on end torturing memory and CPU, a single 20ms overhead is basically free.
I believe JSON and XML's readability is directly correlated with how the file is designed and written (incl. terminology and how it's formatted), but to be frank, I have seen both good and bad examples on both.
If you can mentally parse HTML, you can mentally parse XML. I tend to learn to parse any markup and programming language mentally so I can simulate them in my mind, but I might be an outlier.
If you're designing a file format based on either for computers only, approaching Perl level regular expressions is not hard.
it's a lot of things, none of them in the browser anymore
bayindirh · 1h ago
RSS says hi!
agos · 1h ago
as much as it pains me to say it, that is also a sailed ship
bayindirh · 1h ago
I still follow feeds, my blog's RSS feed gets ~1.5K fetches every day.
How is it a sailed ship?
agos · 1h ago
how many of those 1.5K you think are using a web browser to read that feed?
bayindirh · 1h ago
The platform I use doesn't give statistics on that (I don't host my blog), but I assume the number is >0, since there's a lot of good browser based and free RSS readers.
mortarion · 2h ago
I mean, at least JSON has a native syntax to indicate an array, unlike XML which requires that you tack on a schema.
Serialize that to a JavaScript object, then tell me, is "AnElement" a list or not?
That's one of the reasons why XML is completely useless on the web. The web is full of XML that doesn't have a schema because writing one is a miserable experience.
bayindirh · 2h ago
This is why you can have attributes in a tag. You can make an XML file self explanatory.
Most parsers have type aware parsing, so that if somebody tucks string to a place where you expect integer, you can get an error or nil or "0" depending on your choice.
jon-wood · 2h ago
> AI agents don't care at all
And I don't care at all about the feelings of AI agents. That a tool that's barely existed for 15 minutes doesn't need a feature is irrelevant when talking about whether or not to continue supporting features that have been around for decades.
vidarh · 2h ago
Agreed. Having actually built and deployed an app that could render entirely from XML with XSLT in the browser: I wouldn't do it again.
Conceptually it was beautiful: We had a set of XSL transforms that could generate RSS, Atom, HTML, and a "cleaned up" XML from the same XML generated by our frontend, or you could turn off the 2-3 lines or so of code used to apply the XSL on the server side and get the raw XML, with the XSLT linked so the browser would apply it.
Every URL became an API.
I still like the idea, but hate the thought of using XSLT to do it. Because of how limited it is, we ended up having e.g. multiple representations of dates in the XML because trying to format dates nicely in XSLT for several different uses was an utter nightmare. This was pervasive - there was no realistic prospect of making the XML independent of formatting considerations.
_heimdall · 3h ago
The only reason AI agents don't care about XML is because the developers decided, yet again, to attempt to recreate the benefits of REST on top of JSON.
That's been tried multiple times over the last two decades and it just ends up with a patchwork of conventions and rules defining how to jam a square peg into a round hole.
afavour · 2h ago
Many years ago I tried very hard to go all-in on XML. I loved the idea of serving XML files that contain the data and an XSLT file that defined the HTML templates that would be applied to that XML structure. I still love that idea. But the actual lived experience of developing that way was a nightmare and I gave up.
"Developers keep making this bad choice over and over" is a statement worthy of deeper examination. Why? There's usually a valid reason for it. In this instance JSON + JS framework of the month is simply much easier to work with.
Devasta · 3m ago
The same reason they use Node.js for their web server: They don't want to learn another language, and for their specific use case quality probably doesn't matter too much.
molteanu · 2h ago
"Choice" is a big word here. It would imply "we've weighted the alternatives, the pros and cons, we've tested and measured different strategies and implementations and we came out with this conclusion: [...]." You know, like science and engineering.
While oftentimes what happens is is "oh, this thing seems to be working. And it looks easy. Great! Moving on.."
bilog · 2h ago
Most of the issues of using client-side XSLT is that browsers haven't updated their implementations since v1 nor their tooling to improve debugging. Both of these issues are resolved improving the implementations and tooling, as pointed out by several commenters on the GH issue.
FeepingCreature · 2h ago
That kind of demonstrates why XSLT is a bad idea as well though. JSON has its corner cases, but mostly the standard is done. If you want to manipulate it, you write code to do so.
_heimdall · 36m ago
JSON correlates to XML rather than XSLT. As far as I'm aware, XML as a standard is already done as well.
XSLT is more related to frontend frameworks like react. Where XML and JSON are ways of representing state, XSLT and react (or similar) are ways of defining how that state is converted to HTML meant for human consumption.
bilog · 4m ago
Also, fun fact, XSLT 3 relies on XPath 3.1 which can also handle JSON.
sharpfuryz · 2h ago
People have been building things differently for the last 10 years, using json/grpc/graphql (that's why replacing complex formats like xml/wsdl/soap with just JSON is a bad idea), so why train(spend money) AI for legacy tech?
billy99k · 1h ago
They have been killing open anything for a long time. Very similar to Microsoft. As an example, they have the power to block emails for a large portion of the Internet. This is used for good, like spam and scams, but also bad, like political viewpoints they don't like.
The same can be said about their search engine. This most likely has already altered the outcomes of elections and should have been investigated years ago.
myfonj · 2h ago
Coincidentally spotted this source code in some Microsoft Windows Server® 2022 Remote Desktop Web Access thingy yesterday:
Other anecdotal experiences with Google and their specific attitude towards user/developer needs:
- Stable Array.sort (2008 – 2018): Of course it doesn't have to be stable, spec does not dictate it right now, it is good for performance, and some other browser even started to do this like we do: http://crbug.com/v8/90 .
- Users don't userstyle (2015– ) Of course we absolutely can an will remove this feature from the core, despite it is mandated by several specifications: https://bugs.chromium.org/p/chromium/issues/detail?id=347016 .
- SMIL murder attempt was addressed in the OP article (I think they keep similar sentiment towards MathML either) but luckily was eventually retracted. I guess/hope this XSLT will have similar "storm in the teacup" trajectory.
ymolodtsov · 2h ago
Coders have this tendency to value ideology over practicality. What matters is something that works and people use, not a theoretical picture of how it could have worked in an alternative timeline.
Devasta · 1m ago
> Coders have this tendency to value ideology over practicality.
It would be a horrible existence to value anything else. What reason is there to get up in the morning if you think things couldn't be better?
isaacremuant · 2h ago
Actually, control means practicality. Linux won the server wars and that was a combination of ideology AND practicality.
If a company breaks something so only their path works it's short term practicality to use it and long term practicality to fight for an alternative that keeps control in the developers hand.
Monopolies are terrible for software developers. Quality and customisation tend to go down, which means less value for the Devs.
pjmlp · 2h ago
It is already ChromeOS Application Platform for quite some time now.
Every Chrome installation or related fork, plus Electron shippments, counts.
lifeinthevoid · 2h ago
Google is a corporation maximizing shareholder value. That this goal is not aligned with serving the greater good and freedom should come as no surprise.
Use the open web yourself, build on it, align with standars, and help them mature, participate in open standard bodies.
colesantiago · 2h ago
How long will this take us?
Don't you think Google and the other big tech companies already has massive influence in the W3C and web standards?
zoobab · 2h ago
Ask antitrust authorities to dissolve them properly in acid.
pjmlp · 2h ago
Stop using Chrome and Electron, but of course no one will, it was devs that made them what they are today.
andersmurphy · 3h ago
That would have been true pre Mozilla implosion.
ekianjo · 2h ago
If you read the article you will see that Mozilla supports the removal of XLST. So switching to Firefox which also turned off RSS support several years ago is hardly a good choice.
ymolodtsov · 3h ago
Firefox is used by 1% of users.
MrVandemar · 2h ago
The top 1% of users :-)
izacus · 2h ago
You need to admit to yourself that maintaining a critical piece of software like a web browser costs a lot in work and finance and start figuring where and how you'll fund people that do more than complain.
Developing software is hard - and OSS hasn't found a way to do hard things yet.
Devasta · 4h ago
Getting rid of XSLT from the browser would be a mistake, no doubt about it.
You can see it clear as day in the github thread that they weren't asking permission, they were doing it no matter what, all their concerns about security just being the pretext.
It would have been more honest of them to just tell everyone to go fuck themselves.
JimDabell · 2h ago
> their concerns about security just being the pretext.
It seems entirely reasonable to be concerned about XSLT’s effects on security:
> Although XSLT in web browsers has been a known attack surface for some time, there are still plenty of bugs to be found in it, when viewing it through the lens of modern vulnerability discovery techniques. In this presentation, we will talk about how we found multiple vulnerabilities in XSLT implementations across all major web browsers. We will showcase vulnerabilities that remained undiscovered for 20+ years, difficult to fix bug classes with many variants as well as instances of less well-known bug classes that break memory safety in unexpected ways. We will show a working exploit against at least one web browser using these bugs.
AFAIK browsers rely on an old version of xslt libraries and haven’t upgraded to newer versions
They also seem to be putting pressure on the library maintainer resulting in them saying they’re not going to embargo security bugs
simonw · 3h ago
What do you think their real reason for wanting to remove XSLT is, if not what they claim?
aragilar · 1h ago
They don't want to support it (because of their perceived cost-benefit ratio for what they're interested in developing/maintaining), and hence if it is removed from the browser standards then they aren't required to support it (as opposed to driving people to other browsers)? One could ask why do WebUSB and similar "standards" given those would seem (to me) to be a much greater security issue?
El_Camino_Real · 2h ago
Why side with the megacorps on every thread, even when it doesn't relate to the big hotness of large language models?
JumpCrisscross · 2h ago
> Why side with the megacorps
Reflexively siding with the tech majors is about as dogmatic as reflexively siding against them.
jacquesm · 3h ago
To increase the depth of their moat. XSLT would allow anybody with a minimum of effort to extract semantic information from the web.
jeroenhd · 2h ago
XSLT is a terrible tool for that job. RDF combined with something like SPARQL is much closer to that, and makes for one of the greatest knowledge processing tools nobody ever uses.
XSLT is designed to work on XML while HTML documents are almost always SGML-based. The semantics don't work the same and applying XML engines on HTML often breaks things in weird and unexpected ways. basic HTML parsing rules like "a <head> tag doesn't need to be closed and can simply be auto-closed by a <body>" will seriously confuse XML engines. To effectively use XSLT to extract information from the web, you'd first need to turn HTML into XML.
oefrha · 2h ago
Hey, it works great on the dozens of XHTML websites lying around. Dozens!
aragilar · 1h ago
I think it's the other way round, it's XML -> HTML not HTML -> XML.
JimDabell · 2h ago
> XSLT would allow anybody with a minimum of effort to extract semantic information from the web.
XSLT has been around for decades so why are you speaking in hypotheticals, as if it’s an up-and-coming technology that hasn’t been given a fair chance yet? If it hasn’t achieved that by now, it never will.
jon-wood · 2h ago
I feel like this is overly conspiratorial. Likely they want to remove it because it's a pain to support, and used by an ever shrinking proportion of the internet. I don't even necessarily think removing support is a terrible thing, if you want to turn XML into HTML or whatever with XSLT you're still very welcome to do so, you just might have to do it server side rather than expecting every web browser to it for you.
mschuster91 · 2h ago
> a minimum of effort
That is not a combination of words that should be mentioned in the same sentence as the word XML or, even worse, XSLT.
XML has its value in enterprise and reliable application development because the tooling is very old, very mature and very reliable. But it's not something taught in university any more, it's certainly not taught in "coding bootcamps", simply because it's orders of magnitude more complex than JSON to wrap your head around.
Of course, JSON has jsonschema, but in practice most real-world usages of JSON just don't give a flying fuck.
Devasta · 10m ago
There are other implementations of XSLT available besides libxslt, some even in Javascript. Security is something that could be overcome and they wouldn't need to break styling on RSS feeds or anything, it could be something like how FF has a js for dealing with PDFs.
It doesn't need to be some big conspiracy: they see the web as an application runtime instead of being about documents and information, don't give a fuck about XML technologies, don't use them internally and don't feel anyone else needs to.
ozgrakkurt · 2h ago
“The reason implementations are riddled with CVEs is neglect”
Imo this misses the point a bit. If it is neglected and is going to keep producing bugs and not many people are developing on it, then it maybe makes sense to kill it.
This also means new browsers won’t have to implement it maybe?
jmclnx · 2h ago
To me, when google rename Bard to Gemini, they should have been dragged into court. But the Gemini people have no funds for this, so big money wins. But at the least a trademark complaint could have been filed.
In any case, I do not use google at all unless forced. My old gmail address is a "dump" where if a site asks for am email, they get that one. I only long into to gmail to delete the "spam" I get.
stackedinserter · 2h ago
Google is evil, but man, I never missed XSLT. I'm old enough to remember it and it gives me war flashbacks.
The good thing is that it makes you strong and resilient to pain over time. It's painfully unreadable. It's verbose (ask chatgpt to write a simple if statement). Loops? - here's your foreach and that's all we have. Debugging is for weak, stdout is your debugger.
It's just shit tech, period. I hope devs that write soul harvesting surveillance software at Google go to hell where they are forced to write endless xslt's. Maybe that's the reason they want to remove it from Chrome.
jeroenhd · 2h ago
I don't really get the hatred for XSLT. It's not the most beautiful language, I'll give you that, but it's really not as bad as people make it out to be.
I can't imagine wanting to use anything more complex than a for-each loop in XSLT. You can hack your way into doing different loops but that's like trying to implement do/while in Haskell.
Is it that I've grown too comfortable with thinking in terms of functional programming? Because the worst part of XSLT I can think of is the visual noise of closing brackets.
stackedinserter · 1h ago
Probably you never _worked_ with XSLT (which is good for you). Very simple things quickly become 1K of unreadable text.
E.g. showing the last element of the list with different something
```
<xsl:for-each select="items/item">
<xsl:choose>
<xsl:when test="position() = last()">
<span style="color:red;">
<xsl:value-of select="."/>
</span>
</xsl:when>
<xsl:otherwise>
<span style="color:blue;">
<xsl:value-of select="."/>
</span>
</xsl:otherwise>
</xsl:choose>
</xsl:for-each>
```
Or ask chatgpt to count total weight of a shipping based on xml with items that have weights. I did and it's too long to paste here.
> It's not the most beautiful language, I'll give you that, but it's really not as bad as people make it out to be.
TBH I can say that about any language or platform that I ever touched. ZX Spectrum is not that bad, although has its limits. That 1960x 29-bit machine is not that bad, just takes time to get used to it. C++ is not that bad for web development, it's totally doable too.
The thing is that some technologies are more suitable for modern tasks then others, you'll just do much, much more (and better) with JSON model and JS code than XSLT.
gennarro · 3h ago
Site not loading? Maybe the open web isn’t all it’s cracked up to be? /s
andersmurphy · 3h ago
Loading fine for me.
wltr · 2h ago
Might not load if you’re in Ukraine and the location of the server you’re trying to access is in Russia. Blocked on the country level. Works very well for me, I can easily distinguish someone trying to pretend they are in the EU, while being in Russia. Have no idea whether this is the case, but it does not load for me either.
cyberlimerence · 2h ago
It's hosted in Italy, as per the DNS record. I don't think you can register .eu domain if you're not based in Europe/EU.
So the theory is that Google chose the name of its AI -- easily one of the hardest and most revenue-impacting naming decisions it's made in years -- in order to create a name collision with a protocol nobody's heard of that's trying to revive GOPHER?
This is so obviously false that you have to re-read the rest of the article with the knowledge that the author is misunderstanding what they're seeing.
Much of what the author describes is increasing security and not wanting to work with XML.
Yeah, you're right that Google probably didn't look at a list of open web technologies that they disagree with and choose one for their new tool. I guess I'll call that "malicious intention".
I'm sure that, however the name was picked, Google's lawyers looked for prior uses of the name. I'm sure it came up, and Google shrugged its shoulders in indifference. Maybe someone brought up the fact this would hurt some open standard or whatever, but nobody in power cared. Is this the same kind of malicious? Probably not, but it still shows that Google doesn't care about the open web and the collateral damage they cause.
https://books.google.com/ngrams/graph?content=gemini%2Cbard&...
Part of the community really hated XHTML and its strictness. I remember Mozilla being at the vanguard then rather than Google.
I think the situation was and is a lot more messy and complicated than what the article presents but presenting it fully would make for a less compelling narrative.
As is I don’t really buy it personally.
Taking over standards groups is a gray area with tradeoffs. It helped Google preserve monopoly in search but clearly devs and the web benefited as well.
XHTML2 was panned because it was super strict without clear benefits. Keeping HTML backwards compatible is clearly a very good thing. I don’t fully understand the author’s passion for XSLT- it’s cumbersome and it wasn’t popular with devs.
I agree with the headline and some aspects but XML is a bad hill to die on and much of the writing is hyperbolic and more than a little out of touch.
A big part of this is that people were concatenating XML together manually, to predictable disaster.
Nowadays they use JSX and TypeScript, far more strict than XML ever was, and absolutely love it.
??? Why do you think this?
No, which means you’ll never see them get the level of polish or investment that closed stuff gets. Because when it’s closed you can make people pay or monetize it with advertising.
I’m not cheering for this. Don’t shoot the messenger. I’m pointing out why things are this way.
A major problem is that while free software efforts can build working software, it often takes orders of magnitude more work to make software mere mortals can use. That kind of UI/UX polish is also the work programmers hate doing, so you have to pay them to do it. Therefore closed stuff always wins on UI/UX. That means it always takes the network effect. UX polish is the moat that free has never been able to cross.
Yes. (Slack. Orion. Since when were servers free?)
The web basically fractures into people who watch ads and complain about paywalls and those who don’t.
One, corporate cash is just as good as people cash. Two, people absolutely paid for WhatsApp before it was acquired. And three, I am a people and I personally pay for Microsoft 365 and on occasion have used Teams.
They definitely weren’t bought by corporations because they care about open standards or great UX.
OP said open products lose because they lack “UI/UX polish.”
Slack proves my point. It's closed and vertically integrated and people pay for it. Nobody paid for the open precursors to Slack so they stagnated.
No, it’s a thing people pay for and thus which attracts investment. Despite its UI/UX being perennially trashed.
I think you got it clearly reversed in your mind...
1) Google doing whatever they want with matters that affect every single human on the planet.
2) Google running a farse with "public feedback" program where they don't actually listen, or in this case ask for feedback after the fact.
3) Google not being truthful or introspective about the reasons for such a change, especially when standardized alternatives have existed for years.
4) Honestly, so much of standard, interoperable "web tech" has been lost to Chrome's "web atrocities" and IE before that... you'd think we've learned the lesson to "never again" have a dominant browser engine in the hands of a "for profit" corp.
NaCL? Mozilla won this one. Wasm is a continuation of asm.js.
Dart? It now compiles to Wasm but has mostly failed to replace js while Typescript filled the niche.
Sure, Google didn’t care much for XML. They had a proper replacement for communication and simple serialisation internally in protobuf which they never actually try to push for web use. Somehow json ended up becoming the standard.
I personally don’t give much credit to the theory of Google as a mastermind patiently under minding the open web for years via the standards.
Now if we talk about how they have been pushing Chrome through their other dominant products and how they have manipulated their own products to favour it, I will gladly agree that there is plenty to be said.
Lost? The format is literally everywhere and a few more places. Hard to say something lost when it's so deeply embedded all over the place. Sure, most developers today reach for JSON by default, but I don't think that means every other format "lost".
Not sure why there is always such a focus on who is the "winner" and who is the "loser", things can co-exists just fine.
I think, from my experience at least, that we keep getting these "component reuse" things coming around "oh you can use Company X's schema to validate your XML!" "oh you can use Company X's custom web components in your web site!" etc etc yet it rarely if ever seems to be used. It very very rarely ever feels like components/schemas/etc can be reused outside of their intended original use cases, and if they can they are either so trivially simple it's hardly worth the effort, or they are so verbose and cumbersome and abstracted trying to be all things to all people then it is a real pain to work with. (And for the avoidance of doubt I don't mean things like tailwind et Al here)
I'm not sure who keeps dreaming these things up with this "component reuse" mentality but I assume they are in "enterprise" realms where looking busy and selling consulting is more important than delivering working software that just uses JSON :)
In hindsight, it is hard to imagine a JSON-based RSS-style standard struggling to catch. The first project every aspiring JS developer would be doing is how to add a feed to their website.
I use it to store complex 3D objects. It works surprisingly well.
Funny how went from "use it for everything" (no matter how suitable) to "don't use it for anything new" in just under two decades.
To me XML as a configuration file format never made sense. As a data exchange format it has always been contrived.
For documents, together with XSLT (using the excellent XPath) and the well thought out schema language RelaxNG it still is hard to beat in my opinion.
example formats that should not ever be JSON
TEI https://tei-c.org/ EAD https://www.loc.gov/ead/ docbook https://docbook.org/
are three obvious ones.
basically anything that needs to combine structured and unstructured data and switch between the two at different parts of your tree are probably better represented as XML.
https://www.loc.gov/ead/tglib1998/tlin125.html
Earlier I had only seen the mix of values in body and values in tags. With one even being a tag called "value".
Thanks for showing more examples of XML being used to write unreadable messes.
Use the correct tool for the job. If that tool is XML, then I use it instead of $ShinyThing.
They had like 50 different configurators built at different times using different tech etc. (my memory is a bit fuzzy here as to how many they had etc. but it was a lot) So of course they wanted to make a solution for putting their codebase together and also make it easy to make new configurators.
So they built a React application to take a configurator input format that would tell you how to build this application and what components to render and blah blah blah etc.
Cool. But the configurator format was in JSON so they needed to make an editor for their configurator format.
They didn't have a schema or anything like this they made up the format as they went along, and they designed the application as they went along by themselves, so application designed by programmers with all the wonder that description entails.
That application at the end was just a glorified tree editor that looked like crap and of course had all sorts of functionality behavior and design mixed in with its need to check constraints for outputting a particular JSON structure at a particular point. Also programmed in React.
There was about 10 programmers, including several consultants who had worked on this for over a year when I came along, and they were also shitting bricks because they had only managed to port over 3 configurators, and every time they ported a new one they needed to add in new functionality to the editor and the configurator compiler, and there was talk of redesigning the whole configurator editor cause it sucked to use.
Obviously the editor part should have been done in XML. Then people could have edited the XML by learning to use XML spy, they could have described their language in XML schema real easy, and so forth.
But no they built everything in React.
The crowning hilarity - this application at most would ever be used by about 20 people in the world and probably not more than 10 people at all.
I felt obligated by professional pride (and also by the fact that I could see no way could this project keep being funded indefinitely so it was to my benefit to make things work) to explain how XML would be a great improvement over this state of affairs but they wouldn't hear of it.
After about 3 months on it was announced the project would be shut down in the next year. All that work wasted on an editor that could probably have been done by one expert in a month's time.
You can get XML and convert it to everything. I use it to model 3D objects for example, and the model allows for some neat programming tricks while being efficient and more importantly, human readable.
Except being small, JSON is worst of both worlds. A hacky K/V store, at best.
Efficient is also... questionable. It requires the full turing machine power to even validate iirc. (surely does to fully parse). by which metric is XML efficient?
That’s always been the main flaw of XML.
There are very few use case where you wouldn’t be better served by an equivalent more efficient binary format.
You will need a tool to debug xml anyway as soon as it gets a bit complex.
Most of the time you will actually be debugging what’s inside the file to understand why it caused an issue and find if that comes from the writing or receiving side.
It’s pretty much like with a binary format honestly. XML basically has all the downside of one with none of the upside.
It's also pretty easy to emit, "I didn't find what I'm looking for under $ELEMENT" while parsing the file, or "I expected a string but I got $SOMETHING at element $ELEMENT".
Maybe I'm distorted because I worked with XML files more than decade, but I never spent more than 30 seconds while debugging an XML parsing process.
Also, this was one of the first parts I "sealed" in the said codebase and never touched it again, because it worked, even if the coming file is badly formed (by erroring out correctly and cleanly).
For hands-on experience, I used rapidxml for parsing said 3D object files. A 116K XML file is parsed instantly (the rapidxml library's aim is to have speed parity with strlen() on the same file, and they deliver).
Converting the same XML to my own memory model took less than 1ms including creation of classes and interlinking them.
This was on 2010s era hardware (a 3rd generation i7 3770K to be precise).
Verifying the same file against an XSLT would add some milliseconds, not more. Considering the core of the problem might took hours on end torturing memory and CPU, a single 20ms overhead is basically free.
I believe JSON and XML's readability is directly correlated with how the file is designed and written (incl. terminology and how it's formatted), but to be frank, I have seen both good and bad examples on both.
If you can mentally parse HTML, you can mentally parse XML. I tend to learn to parse any markup and programming language mentally so I can simulate them in my mind, but I might be an outlier.
If you're designing a file format based on either for computers only, approaching Perl level regular expressions is not hard.
Oops, forgot the link:
[0]: https://pugixml.org/benchmark.html
How is it a sailed ship?
<MyRoot> <AnElement> <Item></Item> </AnElement> </MyRoot>
Serialize that to a JavaScript object, then tell me, is "AnElement" a list or not?
That's one of the reasons why XML is completely useless on the web. The web is full of XML that doesn't have a schema because writing one is a miserable experience.
Consider the following example:
Most parsers have type aware parsing, so that if somebody tucks string to a place where you expect integer, you can get an error or nil or "0" depending on your choice.And I don't care at all about the feelings of AI agents. That a tool that's barely existed for 15 minutes doesn't need a feature is irrelevant when talking about whether or not to continue supporting features that have been around for decades.
Conceptually it was beautiful: We had a set of XSL transforms that could generate RSS, Atom, HTML, and a "cleaned up" XML from the same XML generated by our frontend, or you could turn off the 2-3 lines or so of code used to apply the XSL on the server side and get the raw XML, with the XSLT linked so the browser would apply it.
Every URL became an API.
I still like the idea, but hate the thought of using XSLT to do it. Because of how limited it is, we ended up having e.g. multiple representations of dates in the XML because trying to format dates nicely in XSLT for several different uses was an utter nightmare. This was pervasive - there was no realistic prospect of making the XML independent of formatting considerations.
That's been tried multiple times over the last two decades and it just ends up with a patchwork of conventions and rules defining how to jam a square peg into a round hole.
"Developers keep making this bad choice over and over" is a statement worthy of deeper examination. Why? There's usually a valid reason for it. In this instance JSON + JS framework of the month is simply much easier to work with.
While oftentimes what happens is is "oh, this thing seems to be working. And it looks easy. Great! Moving on.."
XSLT is more related to frontend frameworks like react. Where XML and JSON are ways of representing state, XSLT and react (or similar) are ways of defining how that state is converted to HTML meant for human consumption.
The same can be said about their search engine. This most likely has already altered the outcomes of elections and should have been investigated years ago.
- Stable Array.sort (2008 – 2018): Of course it doesn't have to be stable, spec does not dictate it right now, it is good for performance, and some other browser even started to do this like we do: http://crbug.com/v8/90 . - Users don't userstyle (2015– ) Of course we absolutely can an will remove this feature from the core, despite it is mandated by several specifications: https://bugs.chromium.org/p/chromium/issues/detail?id=347016 . - SMIL murder attempt was addressed in the OP article (I think they keep similar sentiment towards MathML either) but luckily was eventually retracted. I guess/hope this XSLT will have similar "storm in the teacup" trajectory.
It would be a horrible existence to value anything else. What reason is there to get up in the morning if you think things couldn't be better?
If a company breaks something so only their path works it's short term practicality to use it and long term practicality to fight for an alternative that keeps control in the developers hand.
Monopolies are terrible for software developers. Quality and customisation tend to go down, which means less value for the Devs.
Every Chrome installation or related fork, plus Electron shippments, counts.
One way is to tell everyone to use Firefox (uBlock origin works there)
It is still an issue that the Mozilla Foundation is still 80% funded by Google though, so this needs to be solved first.
Somehow Firefox needs to be moved away from Mozilla if they cannot find an alternative funding source other than Google.
If that is the case, we need to come together and donate thousands to ladybird en masse.
It might take around ~30 years for adoption but it is a start.
Don't you think Google and the other big tech companies already has massive influence in the W3C and web standards?
Developing software is hard - and OSS hasn't found a way to do hard things yet.
You can see it clear as day in the github thread that they weren't asking permission, they were doing it no matter what, all their concerns about security just being the pretext.
It would have been more honest of them to just tell everyone to go fuck themselves.
It seems entirely reasonable to be concerned about XSLT’s effects on security:
> Although XSLT in web browsers has been a known attack surface for some time, there are still plenty of bugs to be found in it, when viewing it through the lens of modern vulnerability discovery techniques. In this presentation, we will talk about how we found multiple vulnerabilities in XSLT implementations across all major web browsers. We will showcase vulnerabilities that remained undiscovered for 20+ years, difficult to fix bug classes with many variants as well as instances of less well-known bug classes that break memory safety in unexpected ways. We will show a working exploit against at least one web browser using these bugs.
— https://www.offensivecon.org/speakers/2025/ivan-fratric.html
— https://www.youtube.com/watch?v=U1kc7fcF5Ao
They also seem to be putting pressure on the library maintainer resulting in them saying they’re not going to embargo security bugs
Reflexively siding with the tech majors is about as dogmatic as reflexively siding against them.
XSLT is designed to work on XML while HTML documents are almost always SGML-based. The semantics don't work the same and applying XML engines on HTML often breaks things in weird and unexpected ways. basic HTML parsing rules like "a <head> tag doesn't need to be closed and can simply be auto-closed by a <body>" will seriously confuse XML engines. To effectively use XSLT to extract information from the web, you'd first need to turn HTML into XML.
XSLT has been around for decades so why are you speaking in hypotheticals, as if it’s an up-and-coming technology that hasn’t been given a fair chance yet? If it hasn’t achieved that by now, it never will.
That is not a combination of words that should be mentioned in the same sentence as the word XML or, even worse, XSLT.
XML has its value in enterprise and reliable application development because the tooling is very old, very mature and very reliable. But it's not something taught in university any more, it's certainly not taught in "coding bootcamps", simply because it's orders of magnitude more complex than JSON to wrap your head around.
Of course, JSON has jsonschema, but in practice most real-world usages of JSON just don't give a flying fuck.
It doesn't need to be some big conspiracy: they see the web as an application runtime instead of being about documents and information, don't give a fuck about XML technologies, don't use them internally and don't feel anyone else needs to.
Imo this misses the point a bit. If it is neglected and is going to keep producing bugs and not many people are developing on it, then it maybe makes sense to kill it.
This also means new browsers won’t have to implement it maybe?
In any case, I do not use google at all unless forced. My old gmail address is a "dump" where if a site asks for am email, they get that one. I only long into to gmail to delete the "spam" I get.
The good thing is that it makes you strong and resilient to pain over time. It's painfully unreadable. It's verbose (ask chatgpt to write a simple if statement). Loops? - here's your foreach and that's all we have. Debugging is for weak, stdout is your debugger.
It's just shit tech, period. I hope devs that write soul harvesting surveillance software at Google go to hell where they are forced to write endless xslt's. Maybe that's the reason they want to remove it from Chrome.
I can't imagine wanting to use anything more complex than a for-each loop in XSLT. You can hack your way into doing different loops but that's like trying to implement do/while in Haskell.
Is it that I've grown too comfortable with thinking in terms of functional programming? Because the worst part of XSLT I can think of is the visual noise of closing brackets.
E.g. showing the last element of the list with different something ``` <xsl:for-each select="items/item"> <xsl:choose> <xsl:when test="position() = last()"> <span style="color:red;"> <xsl:value-of select="."/> </span> </xsl:when> <xsl:otherwise> <span style="color:blue;"> <xsl:value-of select="."/> </span> </xsl:otherwise> </xsl:choose> </xsl:for-each> ```
Or ask chatgpt to count total weight of a shipping based on xml with items that have weights. I did and it's too long to paste here.
> It's not the most beautiful language, I'll give you that, but it's really not as bad as people make it out to be.
TBH I can say that about any language or platform that I ever touched. ZX Spectrum is not that bad, although has its limits. That 1960x 29-bit machine is not that bad, just takes time to get used to it. C++ is not that bad for web development, it's totally doable too.
The thing is that some technologies are more suitable for modern tasks then others, you'll just do much, much more (and better) with JSON model and JS code than XSLT.
Please don’t do this.