Storage for the web

Поділитися
Вставка
  • Опубліковано 22 гру 2024

КОМЕНТАРІ • 100

  • @squidward7091
    @squidward7091 4 роки тому +3

    I like the part that answers the truth or not of a statement at the beginning of the video. please make more. very helpful.

  • @McQuinTrix
    @McQuinTrix 4 роки тому +1

    Chrome team always advances the web so much faster ! Thank you Pete and the team!

  • @Richienb
    @Richienb 4 роки тому +35

    5:24 Incorrect variable names used for errors.

    • @victornpb
      @victornpb 4 роки тому +21

      good **catch** 😂😂😂

    • @PeteLePage
      @PeteLePage 4 роки тому +13

      D'oh! I always try to double check my code before putting it into slides. Sorry about that!

    • @AnFunctionArray
      @AnFunctionArray 4 роки тому

      An obvious mistake is an obvious mistake unless shadowing which I don't think is the case here.

    • @ChristopherNeurofunker
      @ChristopherNeurofunker 4 роки тому

      :googledevelopers:

    • @akashchoudhary8162
      @akashchoudhary8162 4 роки тому

      @@victornpb Nice pun

  • @GeraldIstar
    @GeraldIstar 4 роки тому +6

    Haha! What a coincidence: I'm reading "Modern Operating Systems" written by Andrew Tanenbaum, and yesterday just read about LRU in chapter about memory management. And here it is :)

  • @Textras
    @Textras 4 роки тому +9

    LokiJS - good in-mem IndexedBD wrapper, but Cache Storage API is great...as was this summary.

  • @LaoZhao11
    @LaoZhao11 4 роки тому +4

    You have full of positive energe, I like it

  • @ChannelyMcChannelChan
    @ChannelyMcChannelChan 4 роки тому +5

    As a user, how do I prevent sites from storing hundreds of MB or even GBs of data in my computer without my consent? I mean something like "Ask By Default", and customizing quotas per-site.

    • @shineymcshine
      @shineymcshine 4 роки тому

      you can usually specify the max size of your browser cache somewhere in the settings. not sure if you can do something more fine-grained. it could be up to the browser to decide what stays in the cache and what goes.

    • @russellabraham9208
      @russellabraham9208 4 роки тому

      Private mode should prevent your browser from saving to storage, as well as not caching many other files.

  • @gregmurdoch3264
    @gregmurdoch3264 4 роки тому +1

    This is making me rethink some of our storage use cases :) - Nice video :)

  • @window.location
    @window.location 4 роки тому +2

    Does indexDB is vulnerable to XSS atack ?

  • @hckhanh
    @hckhanh 4 роки тому +6

    It's incredibly helpful to me

  • @kumarharsh6987
    @kumarharsh6987 4 роки тому +1

    great format. please continue making these

  • @sanjaylord
    @sanjaylord 4 роки тому +2

    Does this allow for PWAs to locally store offline content? Perhaps save huge videos from streaming providers for offline access.

  • @nmoschen
    @nmoschen 4 роки тому +2

    Incredible content, I love this kind of videos!

  • @roshanmenuka7651
    @roshanmenuka7651 Рік тому +1

    Great Content!

  • @taiwobabalola4755
    @taiwobabalola4755 4 роки тому +1

    What kind of user data can your store on indexedDB? Example pls

    • @dealloc
      @dealloc 4 роки тому +2

      I think you mean to ask whether you should store user data in IndexedDB? If so, yes you can store user data, but it highly depends on what it is. Of course you don't want to store sensitive information that could be susceptible to cross-site scripting attacks, and you don't want to store any session/access keys that the user needs for for authenticating to a server, use cookies instead.
      However, it's fine to store small amounts of data, like user data, in localStorage. IndexedDB is great if you have large amounts of data_and/or you want to share the data with web and service workers.
      An example for usage of IndexedDB could be an image upload application, which allows the user to upload images, but allow them to work with those images, by caching them in the IndexedDB, while still uploading to a remote server. This way you provide fast and smooth UX.

    • @taiwobabalola4755
      @taiwobabalola4755 4 роки тому

      @@dealloc thanks, I really appreciate this👍

  • @aquaductape
    @aquaductape 4 роки тому +3

    Are you sure IndexedDB doesn't block main thread?? Just because something is asynchronous doesn't mean it's multi-threaded. Google Best Practices implies that IndexedDB still runs on the main thread developers.google.com/web/fundamentals/instant-and-offline/web-storage/indexeddb-best-practices.
    It's frustrating because I find conflicting sources such as this video, which stats that it doesn't block main thread, and then google link that I shared implies otherwise, this stackoverflow post stats that it does block the "UI"(which i guess means main thread) stackoverflow.com/a/5924778/8234457.
    I want to know for sure that way I can use Web Workers to access IndexedDB, in case IndexedDB runs on the main thread

  • @albertalbaba5101
    @albertalbaba5101 4 роки тому +1

    What if all the app apps are persisted?

  • @omri9325
    @omri9325 4 роки тому +8

    ❤ localStorage

  • @steffenfrese2512
    @steffenfrese2512 4 роки тому

    so the storagemanager API lets me identify a user across pages by just comparing usage and quota bits? 3:42
    I would build an ad that has this implemented, the user can disable cross domain cookies and such, but i will even be able to identify him trough incognito mode and can tell he is currently on p**nhub, ebay, and youtube. All without having to access his location data. Did I get this right?

    • @calimio6
      @calimio6 4 роки тому

      The thing is that in incognito the browser lies to the webs to avoid this kind of tracking tactics

    • @steffenfrese2512
      @steffenfrese2512 4 роки тому +1

      @@calimio6 but thats just chrome and not the other browsers right? also that just removes incognito mode from finger printing but everything else is still possible.

    • @calimio6
      @calimio6 4 роки тому

      @@steffenfrese2512 i don't know if it is common practice between browsers, it should be. And while you are right in some regard, is not the only way to track a person or device. The cursor motion for example is widely use, a good example is the recaptcha tool. What i'm trying to say is that there is nothing inheretly bad with this kind of apis. Buy you are right in the fact that they could be missused

  • @jeyemGFX
    @jeyemGFX 4 роки тому +1

    I'm using React for the first time for a decoupled frontend. Where should I store the user token that is used when talking to the backend?

    • @PeteLePage
      @PeteLePage 4 роки тому

      I've not used React before, so I'm not sure. I'd recommend asking on StackOverflow to see if someone there can help.

    • @caleb_miller10
      @caleb_miller10 4 роки тому +4

      Your backend should set the auth token as an HTTP-Only cookie. This prevents any JS on the page from accessing it (including your own) which cuts off a number of attack vectors, including rogue npm dependencies and CDN scripts. The backend will be able to see the cookie, and that's all that matters.

    • @jeyemGFX
      @jeyemGFX 4 роки тому +1

      @@caleb_miller10 Are cookies transferred automatically when using fetch against the server?

    • @caleb_miller10
      @caleb_miller10 4 роки тому +3

      @@jeyemGFX Yep! As long at the origin matches up, the browser will pass the cookies along.

    • @eformance
      @eformance 4 роки тому

      If you're writing an SPA that authenticates against a separate server than the server you are passing the token to, use sessionStorage API, it's like localStorage but persists only for that browser session. Cookies will only work if the server looks at cookies for the session info, if the server is expecting an HTTP header with a JWT token, then sessionStorage is the way to go, since it does not persist on disk.

  • @andyelgrand0
    @andyelgrand0 4 роки тому +1

    Ok... so a big dream of mine is that the user decides which data is TRULY personal and which they are ok with us storing for them.... I say its a dream of mine because its looking as the advice has changed about IndexedDB which means its a matter of time before it goes the way of mySQL

  • @DenisTRUFFAUT
    @DenisTRUFFAUT 4 роки тому +1

    What is the point in catching quota errors if browser evicts in a FIFO way my cache or other app caches ?
    Unless all cache is marked as persistent storage, it should be fine, nope ?

    • @PeteLePage
      @PeteLePage 4 роки тому +3

      If the device runs out of space, for example a phone or tablet with a small storage space. Or, unlikely but possible, if you're trying to save a ton of stuff, and so is everyone else.

    • @eformance
      @eformance 4 роки тому

      FIFO is not LRU. LRU is Least Recently Used and has nothing to do with the order in which data is inserted into the local storage. Whichever site/record was visited least recently gets evicted unless persistent. FIFO is a pure circular buffer and does not account for age, only order.

  • @bobkelso5681
    @bobkelso5681 4 роки тому +5

    I recommend to use RxDB where you can actually observer queries and stuff. This makes it much easier to create a reactive UI instead of fiddling around with the indexedb API.

  • @ramyhhh
    @ramyhhh 4 роки тому +2

    Wouldn’t enumerating available disk space help with calculating browser fingerprint more accurately? Especially after switching between browsing sessions (incognito vs std)

    • @omri9325
      @omri9325 4 роки тому

      What fingerprint? useragent?

    • @PeteLePage
      @PeteLePage 4 роки тому +4

      I didn't cover it in the video, but incognito handles storage a little differently, and "lies" about the amount of storage available.

    • @barmooj
      @barmooj 4 роки тому +1

      @@PeteLePage I like this lying for good 😉

    • @steffenfrese2512
      @steffenfrese2512 4 роки тому

      @@PeteLePage but that's just for incognito and that's only an edge case most likely only covered by chromium browsers and no one else right?

  • @robottrainer
    @robottrainer 4 роки тому +3

    still going to use local storage and cookies thanks.

  • @anuragvohra5519
    @anuragvohra5519 4 роки тому +2

    When you refer chrome do it means Androird Chrome too ! , do that too has 80% limit !?!

  • @kmcat
    @kmcat 4 роки тому +3

    0:53. Now you've sent my PDSD again.

    • @PeteLePage
      @PeteLePage 4 роки тому +1

      Hahaha - sorry. At least there's a good alternative now. And AppCache is finally being removed from Chrome.

  • @sabuein
    @sabuein Рік тому

    Thank you.

  • @nirajkantsinha
    @nirajkantsinha 4 роки тому

    what is origins which is mentioned many times.

  • @pardal_bs
    @pardal_bs 4 роки тому +4

    R.I.P. KV Storage

    • @DenisTRUFFAUT
      @DenisTRUFFAUT 4 роки тому +1

      Easy to recode on your own with IndexedDB, but yes, it was a great built-in addition.

    • @PeteLePage
      @PeteLePage 4 роки тому +1

      Yah, a little bummed about that one personally. :(

  • @basix250
    @basix250 4 роки тому

    Him: check the link in the description
    Description:

  • @adebiyial
    @adebiyial 4 роки тому +2

    Local storage should be avoided? It depends, that's the answer.

  • @grzegorzt
    @grzegorzt 4 роки тому +1

    Nice rocket on the windowsill :)

  • @biswaviraj
    @biswaviraj 4 роки тому +2

    Noice content ❤️

  • @Maric18
    @Maric18 4 роки тому

    "only 300 megs"
    q.q thats about as much as i have free of my 80 gigs. Why does a random little app need 300 megs of storage, i have games installed that are smaller than that

  • @jerrygreenest
    @jerrygreenest 4 роки тому +1

    Next Level: make this storage P2P, so other users may retrieve its parts (if the request meets your permissions) within an origin

  • @ryanafrish7
    @ryanafrish7 4 роки тому +4

    Ain't this one more device fingerprinting instrument?

    • @nikilk
      @nikilk 4 роки тому +2

      Sure if the api calculates the total number of free bytes in the hard drive you can use that stat for fingerprinting 😄. One of many fingerprinting techniques.

  • @ak689
    @ak689 2 роки тому

    I want to hire you.

  • @blipojones2114
    @blipojones2114 4 роки тому +4

    you're telling me a website could fill up 80% of my hardisk with crap at any moment?

    • @omri9325
      @omri9325 4 роки тому +1

      Yes

    • @caleb_miller10
      @caleb_miller10 4 роки тому +3

      No, 60% ;) However it's easy to find and clean up, since one button can remove it all. I'm more concerned about how native apps might abuse my file system in difficult to fix ways.

    • @blipojones2114
      @blipojones2114 4 роки тому +1

      @@caleb_miller10 ye i remember the spotify issue where the app was making loooads of write and deletes to storage, needless to say it was diminishing the lifetime of the storage media

  • @Ulvis_B
    @Ulvis_B 4 роки тому +2

    If 80% allow hard and one process 60% My mind come trick try glitch of chrome slow down browser and OS ... 😆

  • @erlangparasu6339
    @erlangparasu6339 4 роки тому

    hm it will be chrome security risk because a web could use my disk freespace :(
    i think i will uninstall chrome.
    2gb firefox limit is good for me.

    • @PeteLePage
      @PeteLePage 4 роки тому +2

      Chrome will never use your entire disk, the quota will kick in and Chrome will remove site data automatically.

    • @luciojb
      @luciojb 4 роки тому

      @@PeteLePage his question is my question. Take I have a site and start using the user's disk for storage, and try maliciously to use all space. Even if chrome removes data, isn't it possible for my script to notice and know the limit of the user space, and, therefore, learn how much it needs to fill and just adapt itself?

  • @ConnorAZ
    @ConnorAZ 4 роки тому +1

    Imagine Microsoft blocking google ( domain ) and all google products on its os that's like half users using Google's products now gone 😂 I wonder if I should pitch this threat to larry maybe I'll become the next ceo of google and alphabet for pointing out a potential threat to company like sundar did apart from him being a computer science student and obviously impeccable knowledge about almost everything

  • @skylible
    @skylible 4 роки тому +9

    So... chrome is allowed to use most of my local storage? More reason to not use it.

  • @rdec5448
    @rdec5448 3 роки тому +1

    persistent storage in Chrome is a joke, why not just make a popup request instead of relying on algorithm's decision

  • @albertalbaba5101
    @albertalbaba5101 4 роки тому +1

    Internet explore has become so irrelevant, it is not mentioned.

  • @brunnersamuel4615
    @brunnersamuel4615 4 роки тому

    A guy just lost 60k because hacker got into google picture account and find keypass

  • @JSerJSer
    @JSerJSer 4 роки тому +2

    safari just breaks it....

  • @randomchannelqwert
    @randomchannelqwert 5 місяців тому

    101's comment

  • @justafreak15able
    @justafreak15able 4 роки тому +1

    Stupid safari 🤣