Also, you would think that having to implement EVERYTHING themselves ( they are making their own image decoders as an example -- inclding SVG ) would slow them down. However, as it is written in a mono-repo from soup to nuts, this allows them to very rapidly add support throughout the stack. They do not have any of the endless conversation and arguing that happens between components in Open Source. They do not have to work around things missing upstream. If they need something, they add it.
(At PARC we avoided) putting any externally controlled system, in- house or out, on one's critical path. ... Thus, virtually all the PARC hardware ... and software ... were completely built inhouse by these few dozen researchers.
This sounds disastrous, (because) in programming there is a widespread first order theory that one shouldn't build one's own tools, languages, and especially operating systems. This is true --- an incredible amount of time and energy has gone down these ratholes. On the second hand, if you can build your own tools, languages, and operating systems you absolutely should because the leverage that can be obtained (and often the time not wasted in trying to fix other people's not quite right tools) can be incredible.
One more reason to start from scratch: to get the functionality you want from an existing offering, you would also have to include a lot of other stuff you don't need, resulting in unnecessary complexity and resource consumption.
For Ardour, we feel entirely free to just bring an upstream library into our source tree if we need to. And we also have our dependency stack builder that configures and occasionally patches upstream libraries to be just the way we need them. We do not wait for upstream adoption of our patches.
Most recently, for example, we became aware of impending moves by various Linux distros to remove GTK2, which we rely on. Even though we don't support distro builds, we want Linux maintainers to still be able to build the software, so we just merged GTK2 into our source tree.
This idea that using a 3rd party library becomes some sort of constraint is very, very far from reflecting universal truth. If we need to hack a 3rd party lib to make it do what we need, we just do it. Meanwhile, we get all the benefits of that lib. Ardour depends on about 86 libraries - we would be insane to rewrite all that functionality from scratch.
Considering the vast amount of exploits that continually comes out of media decoders everywhere, this basically guarantees I will never ever use this browser.
Edit: Seems like it's using OpenBSD's pledge API? https://www.youtube.com/watch?v=bpRw6KQnY0k&t=8107s
It’s like crypto, you have to be very deliberate with your choices, and it’s generally ill-advised to roll your own.
There would be absolutely nothing sacrificed by using open source, well-tested libs for image decode.
Just because something is widely used doesn't mean it's more secure (example: libwebp). The security issues tend to happen mostly when creating optimizations that bypass the "obviously secure" way to do things, but rely on an internal state that gets broken by another optimization down the line. This is way less frequent in "smaller" projects, just because they didn't need to go through that round of optimizations yet.
For this question specifically, tho, I think Ladybird is extremely interesting in terms of creating a security-focuses C++ project. Between the constant fuzzing that each part of Ladybird already goes under (courtesy of the OSS-Fuzz initiative), the first-class citizenship of process separation for the different features of the browser, the modern C++ used in Ladybird (that prevents a lot of the issues cropping up in commonly used media decoding libraries), the overall focus on accuracy over performance in library implementations, and the compiler-level sanitatization utils (UBSAN, ASAN) that are enabled-by-default, I think it's less likely that an critical security-impacting bug would exists in Ladybird's .ico support than in Webkit's for example.
Don’t get me wrong, how far they’ve gotten is very laudable and as a educational exercise it is really cool, but it starts being a pretty massive risk if users start using this as a daily driver.
