List etiquette Re: Sandbox from Charles McCathie Nevile on 2012-09-17 (public-webapps@w3.org from July to September 2012)

From: Charles McCathie Nevile <chaals@yandex-team.ru>
Date: Mon, 17 Sep 2012 15:23:58 +0200
To: Florian Bösch <pyalot@gmail.com>, "Joran Greef" <joran@ronomon.com>
Cc: "public-webapps@w3.org" <public-webapps@w3.org>
Message-ID: <op.wkr7h8vdy3oazb@chaals.local>

Hi folks,

this discussion is interesting. But it is not relevant to this mailing  
list, which is for working on specific APIs and other specifications.

If you would like to propose a specific work item, or offer some use  
cases, requirements, tests or text for one that is either proposed or is  
in development, you're in the right place.

General discussions of the form "the web rocks/sucks because..." such as  
this one are more likely to be relevant to www-talk or your favourite  
social network.

(As a generic reminder, technical discussions on topics that have been  
decided to be out of scope are equally off-topic)

cheers

Chaals (co-chair)

On Mon, 17 Sep 2012 15:06:09 +0200, Joran Greef <joran@ronomon.com> wrote:

> On 17 Sep 2012, at 2:33 PM, Florian Bösch <pyalot@gmail.com> wrote:
>
>> Security is a pretty serious concern if you're distributing apps  
>> without any oversight to billions of users automatically upon a single  
>> link click.
>
> You are conflating web apps (trusted, installed) with web pages (single  
> link click).
>
>> No TCP.
>> Wrong, see websockets which upgrade to plain old TCP after the  
>> handshake.
>
> No, WebSockets are not "plain old TCP".
>
>>
>> No UDP.
>> Coming with WebRTC in the form of unreliable data channels.
>
> WebRTC is above UDP. It's not UDP. WebRTC is a massive conglomeration of  
> protocols and codecs and opinions.
>
>> No POSIX.
>> Why would you need cross-OS posix standards and operating system shells  
>> when you already have a browser which abstracts cross-OS APIs in its  
>> own fashion?
>
> How do you fsync in a browser?
>
>> Tim Berners-Lee raised this point first awhile back on Public Web Apps:  
>> http://lists.w3.org/Archives/Public/public-webapps/2012JanMar/0464.html
>> I believe his point was subtly different. He was arguing for vendors to  
>> come up with ways to solve the usecases he mentioned, not arguing to  
>> just blast the OS at the JS developer and let the ensuing security  
>> armageddon sort itself out.
>
> No, not at all. Nowhere did he ask for browser vendors "to solve the use  
> cases he mentioned".
>


-- 
Charles McCathie Nevile - Consultant (web standards) CTO Office, Yandex
       chaals@yandex-team.ru         Find more at http://yandex.com

Received on Monday, 17 September 2012 13:24:34 UTC