W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2012

Re: [whatwg] Proposal for a debugging information API

From: David Barrett-Kahn <dbk@google.com>
Date: Tue, 20 Nov 2012 10:34:14 -0600
Message-ID: <CA+iXHYM9PyzXQ0cpOQoEFEg6gGZgpLwDpSSCj=cbUNFEWdpWfQ@mail.gmail.com>
To: Ian Hickson <ian@hixie.ch>
Cc: whatwg@lists.whatwg.org
I'm not sensing a lot of enthusiasm about this proposal, and am guessing it
would be an uphill slog with all the privacy/security issues involved.  I'm
therefore thinking I won't take it any further.  If you feel something
important is being lost here and that you could help me move this forward
do let me know though.



On Fri, Nov 16, 2012 at 6:04 PM, Ian Hickson <ian@hixie.ch> wrote:

> On Fri, 16 Nov 2012, David Barrett-Kahn wrote:
> >
> > Thanks Ian. So here's what confuses me, why is the bar so much higher
> > for traditional webapps than it is for browser extensions, chrome apps,
> > native apps, mobile apps or nearly anything else?
> Browser extensions, chrome apps, native apps, and mobile apps aren't
> anywhere near as secure as Web apps.
> The bar shouldn't be any lower for them than for the Web, but that it is
> is one of the Web's biggest strengths. You can, by and large, follow any
> random link, and be assured that you're not going to get scammed (modulo
> security bugs). If you just install any random native program you come
> across, your machine is going to become a nest of malware.
> > Extensions, chrome apps, and mobile apps have a consent experience, but
> > it's hard to argue that users are making an informed decision there and
> > that the consent experience really protects them. Native apps have no
> > consent experience at all.
> Right. Compare the average amount of malware on a Windows machine to that
> on a Chrome OS machine. :-)
> > I guess I'm hoping you can point me to some guidelines you've developed
> > or which you agree with on where the limits of the web sandbox should
> > be.  I'd rather not force you to re-have a discussion I'm sure you've
> > had far too many times :-)
> I don't think there's anything formally written down.
> --
> Ian Hickson               U+1047E                )\._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
> Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Tuesday, 20 November 2012 19:33:18 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:17 UTC