To: rocksolid.programming
The modern web has become a monstrosity that is more akin to an application distribution platform more than anything else at this point and it is a terrible one at that.

It doesn't allow you to choose your own language, you are stuck with the abomination of a language that is called JavaScript. W3C even stated that WebAssembly is not meant to replace JavaScript, it is meant to complement it. What a load of bullshit. It is not possible to access the DOM directly via. WebAssembly. In other words, you will not be able to run other languages without JavaScript intermingling _by design_.

It is highly inefficient and wasteful. Any program written in HTML/CSS/JS is by default extremely resource intensive in comparison to, for example, its C++ counterpart. It hogs your memory, wastes your CPU cycles and drains your mobile's battery. Not only that, but on the desktop every electron program ships their own chromium browser, which is not what one would consider a lightweight program. Same people writing those shitty inefficient programs are devout environmentalists. What a joke.

The modern browser is a beast. A single person can not possibly implement a standard compliant browser on his own. Which is why we are stuck with a few huge browsers and they all suck equally bad.

The design of the modern browser is also not one which has privacy in mind. Data leaks through every nook and cranny. Browser fingerprinting is really easy and very reliable. Who needs IP based tracking when you've got a browser fingerprint that is pretty much unique? Add JavaScript into the mix and they also get your monitors resolution and other configurations that tie the noose around your privacy-aware neck even tighter.

The web should have been for _one_ thing, and _one_ thing only: static interlinked documents. Everything else on top is bloat at the expense of basically everything.

TL;DR: The modern web sucks dick.
--
Posted on RetroBBS

AnonUser wrote:

The modern browser is a beast. A single person can not possibly implement a standard compliant browser on his own. Which is why we are stuck with a few huge browsers and they all suck equally bad.

Very true, and most sites try to out perform eachother with bloat. The web now is completely geared toward advertising and keeping viewers, content is the last thought.

The design of the modern browser is also not one which has privacy in mind. Data leaks through every nook and cranny. Browser fingerprinting is really easy and very reliable. Who needs IP based tracking when you've got a browser fingerprint that is pretty much unique? Add JavaScript into the mix and they also get your monitors resolution and other configurations that tie the noose around your privacy-aware neck even tighter.

It's interesting that browsers do not offer a simple way to block things like screen size, browser size etc. Sites want to look more at you than you look at them.

--
Posted on Rocksolid Light

The web should have been for _one_ thing, and _one_ thing only: static

interlinked documents. Everything else on top is bloat at the expense of basically everything.

Although I agree with most of what you write...
you do realize that you use a platform that goes a bit beyond what you describe above...lol

It's interesting that browsers do not offer a simple way to block things like

screen size, browser size etc. Sites want to look more at you than you look at them.

tbb does that by default.
Posted on def2

  To: anonymous

Although I agree with most of what you write... you do realize that you use

a platform that goes a bit beyond what you describe above...lol

Yes and I believe the modern web was a big mistake which will be extremely difficult to undo.

We should ideally use specific client programs where possible instead of relying on the web, but the damage is already done and now it is "convenient" because the entire infrastructure is built around these obese browsers.

Ideally the web would have stayed static and we would be accessing services through specialized client programs such that the browser would only launch external programs and it would have been just as convenient without it being monolithic, but only if the infrastructure is structured as such. As an example, when browsing to retrobbs.i2p in an alternate reality, the page would redirect you to nntp://retrobbs.i2p:119 and the browser would launch an NNTP client and let it handle the rest.

Nowadays web browsers have NIH syndrome and build everything into the browser. Case in point is the JavaScript PDF viewer in Firefox, there is ZERO reason for it to exist inside Firefox. Launching external applications to handle such things is not even a new idea. It has been possible to do this for ever but apparently browser developers rather implement their own solution and bloat their browser even further than ship an existing solution with their browser.

I believe we need a small, lean and efficient web alternative that does one thing and does it well. Might as well solve the whole privacy fiasco while we are at it. The main hurdle would be to get others on board and get them to offer their websites in an alternative format (other than html/css/js), which will be extremely difficult.

Maybe due to all the smart phone hype some people might get on board if sites load and render in milliseconds instead of seconds.
--
Posted on RetroBBS

The main hurdle would be to get others on board and get them to offer their

websites in an alternative format (other than html/css/js)

firstly: what is wrong with html ?
secondly: what is wrong with css ?
thirdly: what you describe sounds nice, but there is no profit in it, so count out all commercial players. if you want text only, there are newsgroups.
Posted on def2

  To: anonymous

firstly: what is wrong with html ?
secondly: what is wrong with css ?

Both too complicated for my use case. I would also avoid HTML, simply because of the overhead. Look up deserialization performance of XML, then imagine that you would also have the overhead of having to keep track of incorrect HTML and correct it (fuzzy parsing). Using existing formats also come with certain expectations. A developer will think "It's HTML! I know HTML!", then be gravely disappointed because none of the modern features are implemented, leaving a bad aftertaste.

I will probably go for a simple data format that can be compiled down to an efficient and specific binary representation, which can then be deserialized fast and efficiently on end-user clients. The protocol in the place of HTTP would probably be a simple one too, think something like Gopher.

thirdly: what you describe sounds nice, but there is no profit in it, so

count out all commercial players. if you want text only, there are newsgroups.

There is no profit in it and that is OK. I would already be happy with it if a tiny community could form around it. I want basically a bit of rich text with linking. It should ideally become something that anyone could implement in a few weeks, not an entire lifetime. Stylistically it should look modern, yet simple, something like this: http://bettermotherfuckingwebsite.com/

Usenet is great, but it is interlinking and easy use of multimedia what really sells the web (which could be achieved with launching external programs...). One could probably retrofit a usenet client to do this but that is more effort than is worth.

I have a rough draft document that I am currently working on. I need to sort through all my ideas and come to a conclusion.
--
Posted on RetroBBS

There is no profit in it and that is OK. I would already be happy with it if a tiny community could form around it. I want basically a bit of rich text with linking.

well, sounds good to me, although i am not sure about the ratio between effort and gain here.
feel free to use /rocksolid/programming to publish your code, or apply for your own forum if you want something with a bit more options than a thread.

would be cool to have a converter for normal (=bloated) websites to a nice clean text feed, stripping out all the annoying, unnecessary and dangerous stuff.

cheers

trw
Posted on def3

  To: trw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

well, sounds good to me, although i am not sure about the ratio between

effort and gain here.
We unfortunately don't have a real alternative to the web, so from my perspective it's worth a shot.

I also do not think it is _that_ huge of an undertaking, I'm keeping it simple and uncomplicated to give others the chance to write their own implementations. I want to avoid a one-implementation standard in the long run, if possible...

feel free to use /rocksolid/programming to publish your code, or apply for

your own forum if you want something with a bit more options than a thread.
Thank you, I'll let you know if I need something more than a thread. I think with the way Usenet does threading it shouldn't be an issue to discuss ideas independently of one another easily.

would be cool to have a converter for normal (=bloated) websites to a nice

clean text feed, stripping out all the annoying, unnecessary and dangerous stuff.
I am still deciding in which direction to take this, but this would be something I would also like to implement.

I'll use this opportunity to also post my public GPG key, to prevent imposters down the line. I don't know how likely that is, but I'll just post it here anyhow.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: User-ID: crowbar <crowbar@mail.i2p>
Comment: Created: 26/10/2019 14:17
Comment: Expires: 01/01/2030 12:00
Comment: Type: 4096-bit RSA (secret key available)
Comment: Usage: Signing, Encryption, Certifying User-IDs
Comment: Fingerprint: A4460A9DE1AC2FB8DD21723427DBFF1D0324D351

mQINBF20OUQBEAC0ERd4Eb4P1eOdUgErgOXq4DLukswDB3qGa0JqO54j5myRW+Mo
May4IEV/ssw8cLSh48pB3F7COm8Xx1k58A8QAVEeNJPJlXSehygZKAiAkQrrm+tk
AGfSDh2akmzc0noQ33Desk/ZDSnK4FQvytpbclyIHZgCfGl4UgFwseROYGUbcuG+
5Sa7CwWy4YCvYAMOfP5F5D2Whzi5FeAMDJB7DboRR62pOQBhhF0lzU2X/tQv6xzU
3Zpril9Vsy3K9JfdZMCTFQ+rooGHzdu4Lsf3MigG8W73vk3i7+DlCeE2o8GcWgAt
geTU+glXrMXOUF/+VETavmDEPBbo0ZlaYJwgKJn9sYy/FTUJUM4lj+7FrgOrcLO8
vQv5JbnQ0vZoj3sk5FI/uduLBlq8Kcqi372Lh90Jbsx2YawM94UkStJCDxgtoCvd
jzzbgtFIyirmJ1hNIOuu4SsqOPMxD0mxKTDWbgWBfZ8JpF3EswiypmfMPg27k+7W
4eI79ua6/TZzPtj+dcTX8YepDPaN9k+/Pyv3sZwILPR2CWXPJqBtDBHKUG/vfiKb
WN79ktYHpczpHebGdN3rOVyxNMBsnVfy6pMtlCPLxHpuXNQ+kinHI/eFtK5z9dVp
3SZ8QyNkzukm83h3X+QsAWGifJD/KPSdtZcRXsL3U8NAhiegQG7BS9JtyQARAQAB
tBpjcm93YmFyIDxjcm93YmFyQG1haWwuaTJwPokCVAQTAQoAPhYhBKRGCp3hrC+4
3SFyNCfb/x0DJNNRBQJdtDlEAhsDBQkTKDnsBQsJCAcCBhUKCQgLAgQWAgMBAh4B
AheAAAoJECfb/x0DJNNR0cgP/At09LKA8kuusn668cfN4N89mFbiGtyp9QIt2DnE
ZaVI+WyuxXJuvgJdZUP1cI4oDe6WQVBuvKVioXFd5ZsHkZtHCbp5t6zufFPBcm14
ITXrM8bK3rxIELyByrN+CTTjauqCTUaMMee5Aa7ZjmYsQBuMLsn3gPeP8GuFbwcE
LzzLuRYzfE4A6tzTuUxMKV+uVkwApw57akcCsx8CgOTSygjUsj3HLqtPMMn9DyAs
uBJflh9dePPFj5XAjLqsv+nnJmK6Y6hhslTTXItaZi4bjit13hxhpY8zkeE8wNVf
24stgZjOFP7ovDkI+clbxk2UCxWypxnExZ97sO3PKsMjmYQqEZyYnj1l3VlJOsya
XzUyrinelfLBTdLZJCZE8LpvPSlT3b7HQzXBlobc688H14LDT/SMlJ4axGF+05kI
Iz9S6jhrY8LBOnItdZSTMnaGczrBF6alVIbzxQKSqxMOY8XvZsugdEcAhJiBEJd6
7UB3I5YZNwaq5OCHDM5/LVwn26x50J1C8PNSabB5x1cR6iNduiBUCDVKO9miw7h4
PBo2YS/m6y8kJ1saMJOoyZaPuPjynKQVqDdprLqtNkCKN0lKTn9fGZvhE73qJu+f
nsHKzoVYZHacgCqaYPoqTf0U+ItGq8JEUPFHaVvIVulEgAMsy3CZihnSoMGyTFRB
H7KVuQINBF20OUQBEADdlAB4CTDimh9vtUOIO39O91iqsmNlAnisRYkPdBsluR0a
1SwCaoz/HE00HKU26pg2kmkyrN4se2fLHEgywSGrsS01nw8XSi+sNXjoTT4xvSWn
/Z2ycjNoQ4AQUPOE2kXiM4XdQHf2V0WihPbhCr3W+QxxmlyhPOqyzW90VBBeC1iY
n0yM+VLeMaOd0rXYX7kAbWCbQ18tSCQdbUuOdaARH5dSOgCgy2XlMFI5cEdjFJmV
NrOewJpNsB3ohDkEa7bJ+wV5tzMvzgA1HJhkqaYi8cldCPPROCS2pC43BJDQfmJy
HOtTm9TR+VYv46S7qD8xDSbQ2W8CFF6o4JbPII5AR65+TKjFjGIXyeQ33o/Bb7IH
u/qBevuZDkNO7LVi+ZoRwFgPL0Hqje77Mmpod5ARoHY9ov2zURVgwTR6AtSwam5K
FHNIQxlBMsmAqcS3tv0qTt9by0v4QxOnSI9DEcIns/Gy5iGBui7507AgzlfNO38D
qzDpO873uvjkmwq6Y94BoD+hMasQoyjuubDkynbbHv3Y6f+0yQlmzGPESQPGzL5z
Ow7a6zLQzSS15nTDExLgvSpXjrZ7BPP+/JQpTBSva6BSb4Hk8Y29vmBKBwFBd431
ysAMFNaJxJm3elP8BImzU6AEfE/uOzNny0OrTjQXK2rKuoB1W1FeEs9x3UtjaQAR
AQABiQI8BBgBCgAmFiEEpEYKneGsL7jdIXI0J9v/HQMk01EFAl20OUQCGwwFCRMo
OewACgkQJ9v/HQMk01HnDA//YyMwXEQNvKAebumWXprw0Xzk/rKeNmJioegCbs1V
oNq5okTfnH/LZLaR8wFf47ZUNkS1ZlqvGJrNQjokDDW5TDsIojx7stHNyMnMQqU2
khBLFS923X9Ms7a2mL/DFLl6JMqJzmZNvIF9455j/j/oQT/Hts/jU7J4icCnELL3
XYaCRekphuIhLwXCfDXigrRWTSA8TqG6RGZSXDLmHLjiSjCPyaatZ8bbirq6WnJ9
ZmTtbKaGpB+GIepQxi//GaMYLuLaSRm/i9lyZ10u5dm8GIN2Iy0GlaO8Q/IZzn0e
M2RF22xcbwgj5Ps/vJW8XErXpJLFm+bSeOCEtMXrDSU1d51ZC1SF3jruWtyDQarp
heCo196cdM0Rhc/+BlYDBUbQJQiiqFktQJEU+REAjriRnm3aG4+cSGula9JVCN2I
E++Wp3wBEUYZnnLbfM58VtFc5sm/PxhaVTEEGVv+vBX3vh6pvjkdZ8C+lcVKdoWc
9L/Ztt4c7UmqGSDAJqWquFN/xhEPdNlTBjGfvl8+CkGKKudJesn6Tj/97sX1iemC
MGXUjoSflkzV4Y7lkfdd8zhPNypHDNOeL5JUby4Udpm2Q+iH9y6eO+bahM28vgFg
1lAfQMqwCnNOS8L/16bzFZc0S6qbuDW/ZXjLBqtEJFbf/ZcSH0Kn/5OkfaGe5u3s
hO4=
=B1xk
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpEYKneGsL7jdIXI0J9v/HQMk01EFAl20PbkACgkQJ9v/HQMk
01Hxbw/+NuECtHJFCrlUYgxOkS44Z8PUogIPR2RaZkVa0I+nv72BbjKHeq8sVky4
3YqqjtFsBomOdB/1KyWKmZHzWMVA3Xw5ip8ATdlx3znYQkbMm0xmns+HAklqUJLH
o87nwEridQsqy/H89f2hMSijakazR5d1sF9K6S2+fQdYI5FvbZAu+sx8hcBFMMe4
bv6Pbi1xpP5WBYaLxuGCAXKeI3iZgAZXgPzvRUGv0Fhqad5uFlbIlp5mpJz6qEwG
F6zzL7jh5k0cbNdWbpwlFj4QIffztf2WJcdUrrL1ENRVNBSBJ0AsZSaqlQFWkUO2
IaAWnHA0wUqWSlAWuCr8A+yCbHwiSHaQmWSmI2/YxYvE/cC6zkprnh/vaXvChs+D
04tP4YOKoJ4rX9233yNUiOBYUMpSfrdAxn1aZpr8BrUUdIloQRuw0k9RlIiOtk73
PvzemZH88uaZzJDnrgjrxdOOAKLsbs3ccZgEIq1T40hzQsCCUN0EVyRHIsJPOLCA
+gE50eFw9a07AR893QKeZJ7/4qAS2ZhEHfmcQtbxOCDRj4auo0mWOTq67V7NwY+n
TU8mOz2Fu59oWyOzTOSM3UO3F7ud76rvNrIRGOnEGbZMlW4HoQVaCA4NWsUiBfpN
8F5uJNcwrQZOJtvAmUPLLOvOXrZQR1iWx6F4cquWUIeO/s10LpY=
=cwzM
-----END PGP SIGNATURE-----

--
Posted on RetroBBS

  To: AnonUser
I'm going to be posting my ideas below this, maybe you guys also have some ideas to share. The ideas should ideally be scrutinized keeping the following priorities in mind (descending priority).

1. security
2. privacy/anonymity
3. user experience

While user experience is lowest, I still want something that is usable by the average mortal. The elderly should ideally also be able to use it with very low schooling (if any at all). Preferably, for Windows, all you would need to do is download and run. On Linux based operating systems you should only have to install it through a package manager and it should be good to go.

I want to avoid unnecessary pre-configuration by the user. Security and anonymity should be the default configuration, but experienced users should also be able to override any security measures if they really want to.
--
Posted on RetroBBS

while i agree with your priorities, i think you need to define a bit more on which level you want to work. there is a lot of code already, addressing all three targets that you listed on different levels.
reinventing everything seems pointless imo, so you need to decide what protocols you are going to use to achieve your purpose, and at which point you will implement your own code.
i guess this will be part of your stacK:

http/https
tor
tcp

then on top you will parse the content and do something with it.

just guessing here, really...
Posted on def2

  To: anonymous
I will post my ideas in detail when I find the time to do so. I have a lot going on right now so I wasn't able to do that.

i guess this will be part of your stacK:

http/https
tor
tcp

Somthing like this, I'm thinking:

custom protocol
Tor and/or I2P
TCP / UDP

HTTP and the way current browsers use it is what I want to avoid. I would basically remove everything from the HTTP protocol and I'm then left with something that doesn't even resemble HTTP in the slightest, so I might as well go with something custom. I'm thinking something along the lines of Gopher, but even that has indices that are not required, because it will work differently.

TLS or something similar isn't needed right now, as I intend it only to be used through Tor or I2P (at least for now). It will only be required if it gets somewhat popular and people actually want to use it on the clearnet.

I'm not going to reinvent the wheel for Tor or I2P, they are good anonymization networks that work just fine.

then on top you will parse the content and do something with it.

Yes, I'm still working out some ideas on "how" it should be done. I'll post one of my ideas on how to handle media after this.
--
Posted on RetroBBS

  To: AnonUser
Having a static web on its own with text-only would solve all the privacy and bloat issues we are having, but we would like a lot of the convenience of current browsers without the privacy, anonymity and performance issues.

This can be achieved by launching external programs which we trust, rather than having the browser handle everything. The idea isn't by all means new, and browsers were able to do this for practically ever. To view an image, you could download an image and then make your browser launch your favorite image viewer to display that image.

There is however a problem with this approach: it spawns new windows and that image is no longer part of the "document". We've also had the ability to display text and other media like images side-by-side inside the browser for ages.

What we do _not_ have, is the ability to replace our browsers internal image viewer easily. We also can not sandbox it externally, because it is part of the browser itself.


Here's what I'm proposing:


The browser that I envision, downloads media and launches an external program to open said media, but it embeds the external program (using the window manager) optionally and on demand as if they were part of the browser itself.

This has some nice properties:

* Browser becomes very lean
* Image (or media in general) viewing functionality is _completely_ separate from the browser, while at the same time it looks as if it were part of the browser to the user
* User can easily allow/disallow media entirely
* User has the ability to easily swap his image viewer (or media viewers) to a different one
* We do not have to modify existing external programs, they will work as-is with our browser
* We have the ability to optionally sandbox media independently of the browser

Note on sandboxing and Linux: if we use X11 then it's pretty pointless with regards to security, but sandboxing on Wayland could be interesting. Sandboxing would however be helpful in ensuring no data can accidentally leak over the network by removing any networking permissions the external program would otherwise have.

Note on embedding: it's trivial to embed windows in X11 and Microsoft Windows into other windows. I do not know if it's trivial on OS X, iOS and Android, which I will have to look into, as I would like the browser to also run on those.

The same idea can be applied to other media and is not limited to images, for example: video, audio, etc.

I also thought about the possible issues with this idea:

* The external programs may have exploits and we can not guarantee that they don't, without auditing them ourselves (this is a hard problem)
* The user can, at his own risk, use different programs for which we can't guarantee anything
* As mentioned earlier, sandboxing is nice but on Linux with X11 it is quite pointless with regards to security. Thoughts/criticisms/comments on this are welcome and appreciated.
--
Posted on RetroBBS

as I would like the browser to also run on those.

this suggest the language to be used to be java, python or something like that (unless you want to maintain a separate codebase for each system).


Posted on def2

  To: anonymous

this suggest the language to be used to be java, python or something like

that (unless you want to maintain a separate codebase for each system).
The two languages that mainly come in question for me are: Haskell and C++. I would prefer a single codebase, but maybe I'll have to bite the bullet and go with separate codebases down the line. I did read that the developers of subsurface were able to reuse their entire core logic on desktop and mobile operating systems. I think they did it by having their core logic as a shared native library, though I did not read into the specifics.

Haskell is my preferred language because of the anal type safety and decent performance. However, I will write a prototype before I start implementing the browser to see if I can achieve my desired performance and memory usage. If I'm not able to, then I will either try something like Ivory (typesafe Haskell eDSL to generate C) or go with C++. I'm not dead set on Haskell, but I would highly prefer it.

As for the operating systems themselves:
In the beginning I'll likely start off with a Linux prototype and a Windows port shortly after I have the core functionality implemented. It will be ported to the other operating systems later down the line, getting Linux and Windows in a usable state is higher priority simply because the implementation and the ideas need to be tested in practice first.
--
Posted on RetroBBS

Haskell is my preferred language because of the anal type safety

For anal safety use patience, a good rubber and lots of lube...lol
Posted on def2

  To: anonymous

For anal safety use patience, a good rubber and lots of lube...lol

I will take your word for it, you seem to be very experienced in that matter lol.
--
Posted on RetroBBS

  To: AnonUser
With the first method I described using existing external programs to handle the media for us by launching them in a sandbox with command line parameters to open the downloaded media. This method is basically like the first, but instead of downloading the file we provide a standardized stream API to access the file and/or content through the browser.

In this situation the browser will merely act as a gateway to the media. If the browser needs to display an image, then it would launch an external program and give it a local port to connect to. From there on the program will communicate with the browser and receive the media as a stream of bytes.

The advantages of using this approach are:

* standardized way to interact with external programs, instead of using command line parameters which are program specific (would likely require "launch profiles" for external programs)
* live-media such as live streams can be easily proxied through without requiring a separate mechanism like with the first idea
* it would be easy to extend the browser to act as a transparent proxy for certain types of interactive media like IRC, through which all data is sanitized for anonymity (for example: when the user click on an IRC media link, the browser provides a local port through which the IRC client will connect through and the browser acts as a benevolent man in the middle)

The possible problems and or disadvantages I can see are:

* external program developers will have to implement our stream API for certain types of media. The chicken and egg problem of popularity is going to require us to implement support for it in external programs (extra work)
* does it really make much of a difference in the end? compared to the first idea it's basically the same but just a different method to pass on data.

I suppose this would be the overall the "cleaner" method to implement media handling, but would also require a lot more work than with the initial idea. I do not know if the amount of work is worth it in the end. Maybe extending the first idea with benevolent man-in-the-middle capabilities for certain interactive media (for example IRC) would be a more realistic approach than shoehorning everything to use a stream API.

Media sanitization can also be done with the first idea, but I'll make a separate thread for that.
--
Posted on RetroBBS

  To: AnonUser
What do you think about media sanitization in general?

Say our browser downloads a PDF and wants to display it. Instead of passing that PDF directly to a sandboxed external program it would first "sanitize" it. Sanitization basically means that we take the PDF and strip everything that is a possible security concern or could cause your anonymity to be compromised. (e.g. links inside a PDF)

Media sanitization isn't trivial unfortunately. You need to implement a parser for the format and also a sanitizer. You also must know how the external program could possibly cause security issues and / or identity leaks. Interactive media such as IRC can also be sanitized the same way, but in this case we must implement an IRC man-in-the-middle.

PS: This wouldn't be a replacement for sandboxing, it would be in addition to it.
--
Posted on RetroBBS

  To: AnonUser
In retrospect, scrap this idea. We'd end up basically with complexity and bloat we don't want.
--
Posted on RetroBBS

In retrospect, scrap this idea. We'd end up basically with complexity and bloat we don't want.

my thoughts exactly. also you would increase the attack surface by far.
Posted on def3

  To: AnonUser

The external programs may have exploits and we can not guarantee that they

don't, without auditing them ourselves (this is a hard problem)

hard problem

This is my understatement of the year.

Image viewers:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=feh
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=eye+of+gnome
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=okular
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=imagemagick
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Shotwell

Video players:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mpv
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mplayer
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=vlc
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ffplay
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=smplayer

3D object viewers (just for shits and giggles):
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=blender

IRC clients:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=hexchat
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=xchat

Sandboxes:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=bubblewrap
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firejail

These are only the known vulnerabilities that have existed. Who knows what nastiness lies in those codebases. Programs which aren't too popular don't seem to show up and I have omitted them.

God fucking damn it.
--
Posted on RetroBBS

These are only the known vulnerabilities that have existed.

If opsec is the absolute paramount parameter than restricting the content to ASCII text will go a long way imho. Dealing with all kinds of different file and stream formats is complex, and with complexity come bugs, some of which will be exploitable. Just a fact in programming.

trw
Posted on def3

  To: trw

If opsec is the absolute paramount parameter than restricting the content to

ASCII text will go a long way imho.
I agree, it is the safest to just restrict the content to ASCII text, but I'm not really happy with that alone. I think a plaintext browser is far too restrictive and imo kind of pointless without other media. At minimum I would expect images to be available.

Maybe the degree of security should be controlled by the user, perhaps with different security levels:

0. low security      - "embedded" media downloaded and displayed in sandboxed "embedded" external program.
1. standard security - select formats that aren't considered "risky" (images of certain formats, maybe?) are downloaded and displayed in eandboxed "embedded" external programs.
2. high security     - ASCII text only, with media only being downloaded to disk and never opened.

There is also something interesting that I've been reading about recently: formal verification of software. In other words the software is produced using logical proofs using a proof assistant, such as Coq. Something similar is possible with Haskell, but because Haskell isn't a proof assistant (no dependent types, no totality checker) it can only be used to semi-formally verify the program being written.

Just a random thought, but maybe having a formally verified implementation of the decompression algorithm of a popular image format and an associated program would be interesting down the line.

formally verified C compiler: http://compcert.inria.fr/
Haskell "semi-formal" development: https://iohk.io/en/blog/posts/2018/06/04/semi-formal-development-the-cardano-wallet/
--
Posted on RetroBBS

Maybe just a crazy thought, but why don't you just use a subset of the pdf format ? You have nicely formatted text and pictures, and you can gradually allow other media as well, if you want.
Of course you would have to exclude all the nasty scripting and and remote fonts stuff...
Posted on def3

  To: trw
Hmm I'll look into it. Got myself a copy of the ISO 32000:2008 standard (PDF
1.7) from here:
https://www.adobe.com/content/dam/acom/en/devnet/acrobat/pdfs/PDF32000_2008.pdf

I just glanced over it for now, will have to read through it in detail. There
are a lot of features I didn't even know PDF had. Though I think I would end up
with the same issues that browsers face today, even if I strip it bare:
everything being built-in and hard to replace individual components. At least
that is my line of thinking.
--
Posted on RetroBBS