W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2012

Re: Sandbox

From: Joran Greef <joran@ronomon.com>
Date: Mon, 17 Sep 2012 15:06:09 +0200
Cc: "public-webapps@w3.org" <public-webapps@w3.org>
Message-Id: <B59018D5-8806-4D0A-A07B-A2197831B00F@ronomon.com>
To: Florian Bösch <pyalot@gmail.com>
On 17 Sep 2012, at 2:33 PM, Florian Bösch <pyalot@gmail.com> wrote:

> Security is a pretty serious concern if you're distributing apps without any oversight to billions of users automatically upon a single link click.

You are conflating web apps (trusted, installed) with web pages (single link click).

> No TCP.
> Wrong, see websockets which upgrade to plain old TCP after the handshake.

No, WebSockets are not "plain old TCP".

> 
> No UDP.
> Coming with WebRTC in the form of unreliable data channels.

WebRTC is above UDP. It's not UDP. WebRTC is a massive conglomeration of protocols and codecs and opinions.

> No POSIX.
> Why would you need cross-OS posix standards and operating system shells when you already have a browser which abstracts cross-OS APIs in its own fashion?

How do you fsync in a browser?

> Tim Berners-Lee raised this point first awhile back on Public Web Apps: http://lists.w3.org/Archives/Public/public-webapps/2012JanMar/0464.html
> I believe his point was subtly different. He was arguing for vendors to come up with ways to solve the usecases he mentioned, not arguing to just blast the OS at the JS developer and let the ensuing security armageddon sort itself out.

No, not at all. Nowhere did he ask for browser vendors "to solve the use cases he mentioned".
Received on Monday, 17 September 2012 13:06:46 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:54 GMT