Yeah, this. The vocabulary ratchet is underrated as a policy tool. "Install" became "sideload." "Sideload" became "install from unknown sources." "Unknown sources" is becoming "unverified packages." Each rename shifts the Overton window a little further from "this is the normal way to put software on a computer you own" toward "this is a suspicious deviation Google has graciously decided to tolerate for now."
By the time the technical mechanism lands, the framing has been prepared for a decade. The 24-hour cooldown, the seven taps, the three scare screens all _feel_ proportional to the danger the language has been implying. That's not an accident, that's the policy working as designed.
On the other side of the coin, those of us doing tech support for unsavvy family members do not want them installing software from any source but some vetted app store. Making it a bit harder is a real boon for those of us that still carry the mental scars of so many Bonzi Buddy removals.
I've been following "hackery" spaces like the console homebrew and Android custom ROM scenes for almost 2 decades now.
There has long been a culture of deliberately making the installation of certain types of free and libre software needlessly complex and using deviancy-coded language simply because it makes the in-group feel cool and elite.
This whole idea of "sideloading" and related terminology being Google FUD only came about in the past couple of years. For the decade before it was people on xda-developers deliberately throwing words like that around because they wanted to prove they were true 1337 h4xx0rz.
I've been a big fan of TanStack start and have a few small apps (<10k users) in production running on TSS.
The DX is smooth, the defaults are sane, and things generally makes sense if that makes sense. There are plenty of skills available so Claude Code and Codex know how to work with it too.
If you're maybe finding Next a bit bloated these days, I'd recommend giving this a try. Plus Tanner, the creator, responds to almost every mention on Twitter so it's easy to get eyeballs on issues that you might face. :)
We are also currently inmidst a migration from NextJS to TanStack Start and it's worth for the performance and resource gains alone.
NextJS' dev server takes around 3-4 GB memory after a few page click while TanStack / Vite consumes less than a GB.
This is something I noticed, originally I thought "AI" was the perfect tool for Vercel and Nextjs (current standard = future standard), but then I realized is the total opposite, their moat/stick is gone now, and Rouch that is smart I think knows this.
I switched a middle sized app to Tanstack Router + Vite while I was walking my dogs. Then 30 minuts-1 hour QA and it was done. This should have never happened before AI.
(I did switch because I was tired of the bloated network tab with 100 unnecesary RSC calls, the 5 seconds lag when clicking on an internal link, the 10 seconds "hot reload" after a change... I'm on a M4 MAX with 64GB of ram....)
Vercel's moat is DX in hosting, not NextJS. Consider, people who switch to TanStack Start still need a place to host and many would continue to choose Vercel.
Same principle applies, hosting in Railway has slightly worse UX, but with LLM's you don't need to write a single docker line anymore, so deploying on railway is way way less cumbersome than before, and you gain more control and less costs.
This moat is rapidly disappearing though. Cloudflare is catching up, most apps (including TanStack Start) can be one-click deployed without configuration now.
Same here. I've been trying to get more into the physical world, with a tech angle, rather than just pure software. As you said, using my hands is what keeps me sane, makes the world seem a little more real, if that makes sense?
I do mention cases where the browser model doesn't work, like accessing Lidar sensors. Just didn't want to bloat the post with too many examples. But I totally agree with you on this front: not everything can be done as a PWA.
Fair enough. I've read a bit too much LLM written non-tech posts these year that I'm a bit fatigued. I figured people would just want to know this upfront. Moved it to the bottom now.
The site is already back online after the post. You can check yourself. If I really did have malicious content on the site, this post would have had zero effect on the result.
Ha, thank you. I spent more time than I'm willing to admit to come up with it.
I use my older, much longer domain for email and identity (it used to be #3 on SERP for "Sid"). This one is just for giggles so I can blog in peace without affecting the main one.
I can't be 100% sure but googling showed nothing. My site was up for almost 6 weeks with no issues. I used the domain for Apple's review process too. No issues at all.
That sounds like a competitor of yours manually submitting your site to Google for “impersonating” them or something. Anyone can submit URLs to Google to suggest it be blocked: https://safebrowsing.google.com/safebrowsing/report_phish/ Perhaps some overworked underpaid analyst had a lapse of judgement. I’m sorry that this happens to you.
wait, this actually makes things sound even worse because anyone who might not like your product can add it to google and google can sometimes be none the wiser and then add it to phishing link which could then lead to their domains (ie. any TLD's hosted by radix.website) being lost in void essentially unless you have verified the domain in google analytics and even then I would consider this whole situation to be so messy.
At this point, NEVER buy any radix.website TLD domains.
I am seeing pinggy had the same issue with their .online domain and this actually definitely caused hurt to their business https://news.ycombinator.com/item?id=40195410 (I saw this post from their comment in here referencing it)
</boomer-rant>
reply