W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2012

Re: [whatwg] Proposal for a debugging information API

From: David Barrett-Kahn <dbk@google.com>
Date: Tue, 20 Nov 2012 10:34:14 -0600
Message-ID: <CA+iXHYM9PyzXQ0cpOQoEFEg6gGZgpLwDpSSCj=cbUNFEWdpWfQ@mail.gmail.com>
To: Ian Hickson <ian@hixie.ch>
Cc: whatwg@lists.whatwg.org
I'm not sensing a lot of enthusiasm about this proposal, and am guessing it
would be an uphill slog with all the privacy/security issues involved.  I'm
therefore thinking I won't take it any further.  If you feel something
important is being lost here and that you could help me move this forward
do let me know though.

Thanks,

-Dave


On Fri, Nov 16, 2012 at 6:04 PM, Ian Hickson <ian@hixie.ch> wrote:

> On Fri, 16 Nov 2012, David Barrett-Kahn wrote:
> >
> > Thanks Ian. So here's what confuses me, why is the bar so much higher
> > for traditional webapps than it is for browser extensions, chrome apps,
> > native apps, mobile apps or nearly anything else?
>
> Browser extensions, chrome apps, native apps, and mobile apps aren't
> anywhere near as secure as Web apps.
>
> The bar shouldn't be any lower for them than for the Web, but that it is
> is one of the Web's biggest strengths. You can, by and large, follow any
> random link, and be assured that you're not going to get scammed (modulo
> security bugs). If you just install any random native program you come
> across, your machine is going to become a nest of malware.
>
>
> > Extensions, chrome apps, and mobile apps have a consent experience, but
> > it's hard to argue that users are making an informed decision there and
> > that the consent experience really protects them. Native apps have no
> > consent experience at all.
>
> Right. Compare the average amount of malware on a Windows machine to that
> on a Chrome OS machine. :-)
>
>
> > I guess I'm hoping you can point me to some guidelines you've developed
> > or which you agree with on where the limits of the web sandbox should
> > be.  I'd rather not force you to re-have a discussion I'm sure you've
> > had far too many times :-)
>
> I don't think there's anything formally written down.
>
> --
> Ian Hickson               U+1047E                )\._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
> Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
>



-- 
-Dave
Received on Tuesday, 20 November 2012 19:33:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:11 GMT