this post was submitted on 25 Apr 2025
159 points (93.0% liked)

[–] [email protected] 1 points 13 hours ago (1 children)

The modularization was a security nightmare. These plugins needed elevated privileges, and they all needed to handle security themselves, and as I hope you are aware, Flash was atrocious with security.

Those - yes. But generally something running on a page receiving keystrokes when selected and drawing in a square and interpreting something can be done securely.

And modern browsers have done a pretty good job securing the javascript sandbox.

One can have such a sandbox for some generic bytecode separated from everything else on the page. Would be "socially" same as then, technically better.

[–] [email protected] 1 points 1 hour ago

Let's look at a scenario where there's an exploit that requires a change to an API. With JavaScript, the browser vendor can ship a fix to the API, and web devs update their code. With a plugin, the browser vendor ships a patch, then the plugin vendor needs to ship a patch, and then web devs need to update their code. Some plugin vendors will be slower than others, so the whole thing will see massive delays and end users are more likely to stick to insecure browser versions.

Plugin vendors are going to demand the same API surface as current web standards and perhaps more, so you're not saving anything by using plugins, and you're dramatically increasing the complexity of rolling out a fix.

I think the current web is a decent compromise. If you want your logic in something other than JavaScript, you have WebAssembly, but you don't get access to nearly as many APIs and need to go through JavaScript. You can build your own abstraction in JavaScript however to hide that complexity from your users. The browser vendor retains the ability to fix things quickly, and devs get flexibility.
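
The WebAssembly arrangement described in the comment above, as an added example that is not part of the thread: a module can reach only the functions the JavaScript side hands it at instantiation, so the wrapper is where validation lives. The module bytes are hand-assembled for this illustration, and `SETTINGS`, `host.get` and `run` are hypothetical names.

```javascript
// Constructed sample: a hand-assembled WebAssembly module that imports one
// function, host.get(i32) -> i32, and exports run(i32) -> i32, whose body
// is just `local.get 0; call host.get`.
const WASM_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // magic, version 1
  0x01, 0x06, 0x01, 0x60, 0x01, 0x7f, 0x01, 0x7f,             // type 0: (i32) -> i32
  0x02, 0x0c, 0x01, 0x04, 0x68, 0x6f, 0x73, 0x74,             // import module "host"
  0x03, 0x67, 0x65, 0x74, 0x00, 0x00,                         //   field "get", func, type 0
  0x03, 0x02, 0x01, 0x00,                                     // one local function, type 0
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x01,       // export "run" = func 1
  0x0a, 0x08, 0x01, 0x06, 0x00, 0x20, 0x00, 0x10, 0x00, 0x0b, // body of run
]);

// Hypothetical host data; nothing else on the page is reachable from the module.
const SETTINGS = [1080, 60];

// List what the module asks for before instantiating it.
function declaredImports() {
  const mod = new WebAssembly.Module(WASM_BYTES);
  return WebAssembly.Module.imports(mod).map((i) => `${i.module}.${i.name}:${i.kind}`);
}

// Instantiate with a single capability; the JavaScript side validates the index.
function makeSandbox(calls) {
  const host = {
    get(index) {
      calls.push(index);
      return index >= 0 && index < SETTINGS.length ? SETTINGS[index] : -1;
    },
  };
  return new WebAssembly.Instance(new WebAssembly.Module(WASM_BYTES), { host }).exports;
}

// Without the capability the module does not link at all.
function instantiateWithoutCapability() {
  try {
    new WebAssembly.Instance(new WebAssembly.Module(WASM_BYTES), { host: {} });
    return "instantiated";
  } catch (e) {
    return e instanceof WebAssembly.LinkError ? "LinkError" : e.name;
  }
}

function demo() {
  const calls = [];
  const { run } = makeSandbox(calls);
  return { imports: declaredImports(), allowed: run(0), outOfRange: run(7), negative: run(-1), calls };
}
```
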