offlinefirst / research Goto Github PK

Hello,

Do you know about tiddlywiky? It's a single app Web offline application. It is a wiki, but it is so flexible that you can create apps that are not even close to look like a regular wiki. Take a look for example at tiddlymap, a plugin for TiddlyWiki. I think it fits your organization philosophy

Regards

Many web developers still work with server-side MVC frameworks like Rails or Django. Can we create tools that make it possible to take an existing web app and make it work offline, or is the whole of "classic web dev" incompatible with offline-first?

If the only tools that allow creating an offline-first web app are client-side MVC frameworks like Ember/Angular/React, then should we tell all these developers and projects and clients that the decades spent programming web apps in Python/PHP/Ruby were "the wrong approach" and they should now forget that and learn a new framework / programming language (one that allows client-side template rendering with data-on-the-wire)?

A bunch of folks have suggested advertising doesn’t work with offline and hence offline is bound to fail. While I’d suggest we just need to find better business models, I also think ads can be made to work.

1. An app / site can pre-cash a number of ads for rotation.
2. An app / site can collect view and click stats offline and sync them with the backend when online. (this can be subject to tampering, but so is online ad serving, offline is harder to secure, though, I think, but please prove me wrong).
3. “clicking” on an ad doesn’t lead anywhere when one is offline. To allow users to register genuine interest, ads could come with a registration mechanism, or federated like system that syncs with a central source that allows the advertiser to follow up.

This is only one possible solution, there might be grave errors in here, please help pointing them out. And if you can think of other ways to serve ads offline.

Finally, if you have better business models, we’d love to hear about them as well :)

• PouchDB
• CouchDB
• RXDB (https://rxdb.info)

When I try to advocate for offline-first these days, I don't talk much about offline itself. It just feels like a non-starter.

"Offline is an edge case." "Our users aren't constantly on the subway." "I don't expect apps to work offline anyway." Etc.

Instead what I talk about is how the network is slow. So if you minimize calls to the network, your app automatically gets snappier, whether it's offline or online.

This gist really drives the point home. It's useful to remember that the network is an order-of-magnitude slower than everything else, even when it's working.

I also wrote a blogpost on this theme: "Offline-first is people-first".

This seems like an interesting API for people using NodeJS and thinking offlinefirst:

http://strongloop.com/developers/videos/?utm_source=StrongLoop+Newsletter&utm_campaign=8cdee51d48-May_2014_StrongLoop_Newsletter5_29_2014&utm_medium=email&utm_term=0_5cdaff72d5-8cdee51d48-171396593#Getting-Started-with-Node-js-Replication-and-Offline-Sync-for-Mobile-and-Web-Apps

Would be interested to hear if people have used this API before? is it production ready? can it be used with Postgres?

both Mozilla and Google are working on ways to let apps sync in the background.

see https://twitter.com/clochix/status/477180859087589376 for more details

Is there a generally accepted icon that represents “offline” that I might use in place of a 32px avatar? +@janl @jaffathecake — @Rem in https://twitter.com/rem/status/428949228917125120

@janl and offline doesn’t particularly mean “WARNING: YOU ARE OFFLINE” @jaffathecake — @Rem in https://twitter.com/rem/status/428949698050023425

Hi,

I think the very basic feature you need for offline first apps is bidirectional replication.

For example like this: https://pouchdb.com/guides/replication.html#couchdb-sync

Maybe I was blind, but I could not see anything about this topic on your page.

Do you use bidirectional replication? If not, how do you solve the data sync topic?

There's been a lot written about how browser crypto is flawed from its very foundations, but I think with some tricks we can fix it. Offline first is a good start, but I think for crypto it doesn't go far enough. With the default way of building web apps, a crypto app could suddenly start serving malicious code without warning if the user is online because the browser by default will trust and run whatever code the server sends it. If law enforcement visits a website operator, they can force the website to deliver compromised code in a targeted or non-targeted capacity. Something like this scenario seems to have happened with lavabit, the email provider used by Edward Snowden.

The solution: don't allow websites to update! Turn your website into a brick! If you ever need to update your code, users should opt-in to receive updates and verify payloads through third-party out-of-band auditing that spans multiple international jurisdictions.

http://hyperboot.org/ - lib to brick a website with opt-in upgrades
https://keyboot.org/ - bricked website to store keypairs in-browser (going to rip out the slow RSA and do per-domain fast ECC keys soonish)

In an offline app I might want to store data that is bigger than a small key/value object.
For example large images, videoclips, documents.
It would be nice to be able to flag the data if it should be synced always or only when Wi-Fi is available. As tethering is very are common nowadays it might be also smart to let the user decide if large data should be synced currently or not.
An idea to implement such is to have documents of the same type which will be synched to the same remote, but locally are in separate databases (lets call them channels). e.g. One for large data and one for small.

Good point from the Google IO Polymer keynote:

Users don't (yet) expect your web app to work offline, so explicitly tell them "this app is now fully cached".

Must watch: https://www.youtube.com/watch?v=fD2As5RmM8Q&feature=youtu.be&t=1794

Hi! Anybody using hypermege (https://github.com/automerge/hypermerge)? how has the experience been?

In every mobile application, especially in an offline first environment it should always be possible to prevent a sync to the server when it hasn't happened already.

Cases:

• The user has accidentically choosen the wrong image to upload
• The data is big and the user recognizes it to late and doesnt want to burden his dataplan that much
• The original reason for storing the data is no longer reasonable.

There are many applications on mobile devices where the sending, once pressed the button, is no longer preventable. For example Hangouts where you send a picture but in the last second recognize it was the wrong one, then the app can't upload because of slow speed but also don't let you abort the upload.

Native apps, at least on iOS, are trained to restore a specific application state that reflects what the user saw the last time they were in the app. Because mobile apps can be retired for memory or battery reasons at any time, they need to be able to restore their state. iOS comes with system APIs that help with that.

On the web app front, this isn’t an established pattern and existing tools don’t have this built in, or make it easy. Please comment with counter examples!

I found this nice design...

• http://blog.angularjs.org/2014/03/angular-20.html
• https://docs.google.com/document/d/1DMacL7iwjSMPP0ytZfugpU4v0PWUK0BT6lhyaVEmlBQ

What happens when one or more of the players drop or lag?

The remaining players are put on hold, but are dropped in a chat or other situation that allows them to engage with the game while waiting for the disconnected parties to return.

Any ideas on how to handle offline access for mobile apps that use Google/Facebook/Twitter authentication?

For ex. User creates some data while online after OAuth authentication. Later when she is offline she wants to update data. How will the offline login be handled? Long-lived tokens? If the token is for say -3 days- and she creates data while offline on the last day before expiration, the next day the token expires now she cannot access the data created the day before unless she connects to the OAuth provider and renews the token? Should the app warn the user about upcoming token expirations?

The controls all get greyed out and the curser goes away. Scrolling is retained

In comparison, the online version:

For the situation that a client (be it an web site / web app or native app) stores user input (text, photos, map markers etc.) locally first and only synchronises the data with the server “later”.

Advantages over synchronous sync:

• allows for a fast, low latency user experience, as user interactions only ever talk to the local machine.
• networking errors do not interfere with the main application flow.
• applications work without an internet connection.
• save battery life because network operations can be batched.
• add more here…

Implementations:

• email outbox

Hi Jan et al, congrats on the first issue of The Offline First Reader, it's really great!

Wanted to report a small issue I had, when I clicked contact in the bottom of the email my browser (chrome) just hangs oddly enough. Further debugging showed some strange behavior see Location header below:

$ curl -v 'http://offlinefirst.us4.list-manage.com/track/click?u=12d36bbe9418ed6a43127cd62&id=bd5709e197&e=7e7aeaf465'
* Hostname was NOT found in DNS cache
*   Trying 23.64.114.219...
* Connected to offlinefirst.us4.list-manage.com (23.64.114.219) port 80 (#0)
> GET /track/click?u=12d36bbe9418ed6a43127cd62&id=bd5709e197&e=7e7aeaf465 HTTP/1.1
> User-Agent: curl/7.37.1
> Host: offlinefirst.us4.list-manage.com
> Accept: */*
> 
< HTTP/1.1 302 Moved Temporarily
* Server nginx is not blacklisted
< Server: nginx
< Content-Type: text/html; charset=UTF-8
< Content-Length: 26
< X-UA-Compatible: IE=edge,chrome=1
< Location: http://&lt;a href=&quot;mailto:[email protected]&quot;&gt;Email Me&lt;/a&gt;
< Content-Encoding: gzip
< Vary: Accept-Encoding
< Date: Fri, 17 Jul 2015 17:28:38 GMT
< Connection: keep-alive
< Set-Cookie: _AVESTA_ENVIRONMENT=prod; path=/
< 

Some extended thoughts stemming from my twitter convesation with @pgte, @lmjabreu and @gr2m, originating here: https://twitter.com/electricgecko/status/469527201558589440

• My tweet was based on my personal experience with iOS apps that are not just crippled, but refuse to run without a steady connection. Many games fall into this category, Siri does too.
• While there are compelling reasons for such behaviour (such as externalising processing power to a server), they seem to be the exception.

Here's what I think:

• Using an app without being connected is one of the few remaining characteristics of software as a commodity (~ free to be modded/extended/destroyed). The possibility of persistent connection to the web has created new economic models, all of which require software to be a service (than can be subject to change or stop existing at any time).
• In order to pay with information/attention/our customer profile, the data has to be transferred as we are using a service.

This leads to:

• Being offline means being independent, being offline means not paying with data.
• Offline first means charging your customers directly. Offline first is adverse to ad-based/information-based business models.
• Offline first software will have to be opinionated software concerning its business model.
• This is a competetitive disadvantage for Offline first software. At least when the goal is mainstream appeal or substantial commercial success in a climate of dropping software prices, freemium models and the abundance of high-quality, ad-based products from Google, Facebook and others.

I am writing a pretty simplistic game that is location based. It makes you run around to different areas to unlock the next part of the game. This I have solved pretty simply with encryption and local storage.

I want to add some more to the game, but lets start simple. How would one do offline dice rolls, that could be verifiable when the user reconnects?

Properties I am looking for include:

• User cant change the dice roll some way. (this is in js)
• When they reconnect I can verify the dice rolls.

Some thoughts I have had:

• https://jscrambler.com/ provides things like code traps and "self-protective" code. Seems a bit market-speak, but maybe there is some research I could leverage there.
• pre-rolls. Encrypt a bunch of random pre-rolls, and then each action somehow pulls and decrypts one off the stack.

Anyway, open to suggestions, thoughts, etc.