undefined | Better HN

0 pointsmeaty13y ago0 comments

Yes I do know how hard that would be. I didn't say it would be easy.

Actually the browser is a non-universal OS which has several vendor extensions and incompatibilities which poke you in the eye day after day.

It's like the UNIX fragmentation in the 90's (OSF/1=Firefox, HPUX=Chrome, Solaris=IE, UNICOS=Opera).

It's possible to build something without holes. You just have to hire the right people and actually think about it before adding shitty features.

0 comments

11 comments · 5 top-level

Jach13y ago· 4 in thread

How many downvoters really think that making bug-free software is effectively impossible? (I suppose we must leave some meta-uncertainty about the truth of math.) Sure, many programmers would be out of work if they no longer had a large bug database to work on, but there are numerous areas in hardware and software design that have incredibly low (or 0) bugs. NASA's work is usually brought up in these conversations, for instance. Does everything need to be designed and constructed so carefully? Probably not. But I would love it if a standard web browser was, given how important the browser is.

jiggy201113y ago

I would be amazed if there was anything out there with 0 bugs.

All you can really do is test the hell out of something until your chance of encountering a bug during actual use becomes vanishingly small.

You might be able to engineer a browser in this way but it would just be so ludicrously far behind all of the buggy insecure browsers in terms of functionality that it's security benefit would be close to zero because nobody actually used it.

politician13y ago

That's a really important observation that bears repeating: the browser used to be a novelty application among peers, but it's increasingly become the platform upon which those applications are built. It's become a mission critical process, much like the kernel code.

mikeash13y ago

It's not so much effectively impossible as it is not possible to win with it in the market.

NASA has been able to produce high-quality code, but even their stuff is not 100% bug free. Even if you consider it to be close enough, their cost is incredibly high for the amount of functionality, perhaps 10-100x the usual. So while you're slowly building a nearly-bug-free system NASA-style, you get beaten to market by another guy with a buggier system that gains popularity and becomes entrenched before you even ship.

kyllo13y ago

Yes, NASA uses formal methods to exhaustively test every possible state the system could enter during execution. This type of testing can cost several hundred dollars per line of code. And it still doesn't prove that the code is 100% bug free because the absence of bugs is not empirically provable.

But on the other hand, as others have pointed out, browsers are now an important enough application platform that they probably should be tested to a similar standard as an OS kernel is.

Personally, having been warned time and time again over the years that IE is one of the least secure browsers available, I just won't use it anymore (except for work-related purposes in a corporate environment where I'm forced to use IE). IE's reputation is terrible for a reason, and I think we're seeing that the buggier, more popular/entrenched system that burns its users over and over again will eventually fall out of favor.

Certainly there's something in between the extremes of Microsoft and NASA in terms of testing and debugging standards.

pixl9713y ago· 2 in thread

>It's possible to build something without holes.

http://www.schneier.com/blog/archives/2009/10/proving_a_comp...

I'm guessing you're planning on releasing your document viewer/OS sometime around the head death of the universe.

meatyOP13y ago

While I respect Schneier for his views, this is not one I share.

I've worked in the defence industry. The cost of mistakes is very high. In my case I designed communication systems. I have one in the field which was verified mathematically and no defect, vulnerability or bug has been found in 18 years despite counter attacks. This covers the hardware and software portions of the design.

As for my OS or document viewer, 5-8 years is enough time.

pixl9713y ago

In which time your program don't exist because your OS/Word processor business doesn't survive on the taxpayer teat.

The problem is for businesses, most customers pay lot for features and new shiny and give a lot of lip service to the security part.

The problem for open source is, most developers spend their time on features and new shiny, and the security ramifications are an afterthought.

duncans13y ago

> It's possible to build something without holes. You just have to...

bozo bit: flipped

1 more reply

killahpriest13y ago

Stop being naive.

derleth13y ago

> OSF/1=Firefox, HPUX=Chrome, Solaris=IE, UNICOS=Opera

Oh, this is fun:

Xenix=lynx, BSD=Konqueror, Plan 9=Uzbl

http://uzbl.org/

j / k navigate · click thread line to collapse