undefined | Better HN

0 pointspdkl958y ago0 comments

> Most of the problems with the modern web stem from the failure of browser vendors to implement a good user-centric permissions model.

I suggest that such creating a proper permission model isn't possible, because it isn't possible to determine the behavior of Turing complete programs without running them[1]. Browsers are currently chasing the impossible[2] goal of trying to enumerate badness - often only the known types of badness that fit their permission model.

> I want a simple, limited, fast, secure, document-centric platform

We had that: HTML, before Javascript. Allowing any Turing complete code to run at all will always be risky[3].

[1] halting problem

[2] http://www.ranum.com/security/computer_security/editorials/d...

[3] https://news.ycombinator.com/item?id=15708099

0 comments

5 comments · 3 top-level

Chris20488y ago· 2 in thread

So have predefined, approved functions that achieve 90% of required functionality, who's composition may not be TC.

Anything custom requires permission.

Also, don't crypto-miners need to pass their results back? That's one point of attack - restrictions on what data can be passed back.

pdkl95OP8y ago

> So have predefined, approved functions that achieve 90% of required functionality, who's composition may not be TC.

Aka declarative configuration, which we have already: HTML.

Define new tags for if necessary.

> Anything custom requires permission.

You generate that server side.

Chris20488y ago

> which we have already: HTML

HTML cannot perform 90% of what JS is used for, otherwise the js wouldn't be needed. "Define new tags" might be one way, ala Angular directives, but it would still require notions of safety attached to those directives/functions.

> You generate that server side.

A server-side crypto miner? Websites/apps are increasingly client-side intensive/heavy. Perhaps there is no need for non-generic/safe client side code, but I'm not so sure. In any case, requiring permission to run anything custom would be a reasonable restriction I think.

1 more reply

fauigerzigerk8y ago

There are things that could be done in spite of Turing. For instance, web pages could be granted CPU and memory quotas.

If they want to run JavaScript that uses more than say 5% CPU or more than 300 MB of memory (both on average over 30 seconds) they must ask for permission.

dragonwriter8y ago

> I suggest that such creating a proper permission model isn't possible, because it isn't possible to determine the behavior of Turing complete programs without running them.

You don't need to solve the halting problem to have a good user-centric permission model; permissions are about resources, not computation, the halting problem doesn't address use of resources. Whitelisting APIs, firewall-like control of access to external network resources, and possibly CPU usage limits would be sufficient, with he right UI.

j / k navigate · click thread line to collapse