[hypeatei]

The various web specifications are insanely complex (e.g. navigables) so I can see how people burn out from it. To add onto that, a browser operates in an extremely hostile space security wise; to be a serious competitor, you'll need to be on top of your game in that regard which maybe Rust will help with.

[bee_rider]

Something very silly has happened, where the thing that most non-technical people have which is most exposed to hackers is also incredibly complex and requires high performance for some reason.

[FpUser]

Because the complexity and functionality of the modern (whatever the fuck this means) browser basically approaches one of the OS with all the consequences.

[hypeatei]

Yeah it's a real shame. The complex (and ever expanding) nature of the web is the real thing entrenching incumbents like Google. They have the existing codebase and resources to handle the complexity.

[josephg]

Yeah. I still hope at some stage we build something much simpler that maintains the same security boundary.

Like an application platform (forget documents) built entirely on wasm, and with capability based security. That would let you launch apps made within the platform just as easily as you currently open a website.

The platform would need some primitives for rendering, UI, accessibility and input handling. But hopefully a lot of those APIs could be much lower level than the web provides today. Move all the high level abstractions into library code that developers link into their wasm bundles. (For example, I’m thinking about most of what css does today.)

That would allow much faster innovation in layout engines and other things the web does today, and a smaller api surface area should lead to better security.

It’s quite possible to build something like this today. It’s just a lot of work.

Maybe when chatgpt is a bit smarter, it might be able to do the lion’s share of the work to make this happen.

[FpUser]

>"Like an application platform (forget documents) built entirely on wasm, and with capability based security. That would let you launch apps made within the platform just as easily as you currently open a website."

In the end you will end up with the platform / OS which will lose to competitors because of performance and lack of features and do not expect it to be secure. Developers will manage to leave some holes and hackers will find their way.

[josephg]

Disagree. The web wouldn't be anywhere near as successful if you needed to trust & "install" websites before you could visit them. How does that work? Why don't you need to install / trust a website to use it? Well, because it has this kind of security model. Websites are sandboxed.

The web's sandboxed security model makes it better for users. And that in turn drives popularity.

I think the same could be true for a good application platform. The trick is using the sandboxing + capability based security model to enable "new" usability features that traditional applications can never deliver.

[bee_rider]

Sandboxing has to be the funniest bit of wordplay anyone has ever made in tech. Sand is, of course, notoriously impossible to contain and never stays in the box. And it is not nearly as clever as an attacker!

[PaulDavisThe1st]

The term doesn't come from the idea of containing sand.

It comes from things built for children to play in that have an edge with contents inside it. You play "in a sandbox" without having to deal with anything outside of the sandbox.

The sand in a children's sandbox spills over and gets everywhere. The children playing inside it .. they don't have to care. They are playing inside the sandbox, and for now, the world outside it is not relevant.

[josephg]

Hah true!

My girlfriend has strong opinions about how we use the word "library" to describe a software package.

Surely the metaphor should be that one package is a "book" and the entire package repository is the library, right? Left pad is an entire library? Huh?

And then we have no collective noun for collections of libraries!