Post 9hHcc62WX7LLbKA1C4 by Shamar@framapiaf.org
 (DIR) Post #9hGhxruU3Kv2lJdoH2 by mala@mastodon.social
       2019-03-29T07:29:30Z
       
       0 likes, 1 repeats
       
       One of those weeks where I hear a technique (in this case “capabilities”) for the first time in ages, then it pops up everywhere. @cwebber, I presume you saw this: http://wasi.dev/ and this https://bzdww.com/article/163937/ ?
       
 (DIR) Post #9hGhxs7FHt7xOtc0AK by natecull@mastodon.social
       2019-03-29T08:17:11Z
       
       0 likes, 0 repeats
       
       @mala ooh! This is interesting. So WASM might well grow into the new.... Java? Or the new .NET. Or the new Javascript. Take... something... at a modern managed-code runtime, anyway. It's gotta be better than Javascript in that it's not as big.... right?
       
 (DIR) Post #9hGhxsYXeOxglYNniC by 361.xj9@social.sunshinegardens.org
       2019-03-29T16:20:45.892233Z
       
       1 likes, 1 repeats
       
       @natecull @mala still not sure why we need a universal portable bytecode and wasteful JIT everywhere. if you are going to AOT, why not compile to the specific target arch instead?
       
 (DIR) Post #9hGioyeNitgL0yQwrI by Shamar@framapiaf.org
       2019-03-29T16:25:23Z
       
       2 likes, 5 repeats
       
       @natecull @mala @Shamar No. #WASM is way more dangerous than #DotNET or #Java as its execution is not under the conscious control of the user. There is no way around this: if you run a runtime that automatically executes programs served by a stranger over HTTP, your security is at risk. The server (or a #CDN, or the #hosting provider or the #cloud, or a #Cloudflare like #MitM) could identify you through the data they get from your navigations on other websites and customize that #program.
       
 (DIR) Post #9hGioyvkgJZnsqYovw by Shamar@framapiaf.org
       2019-03-29T16:29:06Z
       
       1 likes, 2 repeats
       
       @natecull @mala @Shamar There are mitigations (that browsers' vendors refuse to adopt despite them being relatively easy to implement at that level), but the #bug here is at the design level. The #Web as a surrogate of a distributed operating system is flawed. And such flaw is currently being exploited in the wild by the Russian Government (mainly against their citizens): https://bugzilla.mozilla.org/show_bug.cgi?id=1487081#c16
       
 (DIR) Post #9hGjjxeC7nmMPUWBZQ by cstanhope@social.coop
       2019-03-29T16:34:06Z
       
       1 likes, 0 repeats
       
       @xj9 I want to cheekily answer "Proprietary software". Compile once. Have an opaque binary blob that you can pass around for years without ever needing to touch (or show anybody) the source code. However, there are other considerations. This approach shifts the work of maintaining compatibility from the developers of the application to developers of the platform. Instead of N applications being ported to M platforms (NxM), you instead just have M platforms supporting this VM.
       
 (DIR) Post #9hGjjxqbNfhh1yK5uS by 361.xj9@social.sunshinegardens.org
       2019-03-29T16:40:40.015869Z
       
       0 likes, 0 repeats
       
       @cstanhope ah yes the java pipe dream
       
 (DIR) Post #9hHaunv1vkWezgRrCS by kragen@nerdculture.de
       2019-03-30T02:36:34Z
       
       2 likes, 0 repeats
       
       @mala well, the capabilities conspiracy have been infiltrating standards processes for a while now ;)
       
 (DIR) Post #9hHaxVbgTEsD4KgmMy by popefucker@cybre.space
       2019-03-29T20:42:48Z
       
       0 likes, 0 repeats
       
       @Shamar @natecull @mala @Shamar it's a pretty trivial addition to a browser to make allowing specific wasm/javascript to execute be opt-in.
       
 (DIR) Post #9hHaxVz54FaYEtdSq0 by popefucker@cybre.space
       2019-03-29T20:48:24Z
       
       1 likes, 2 repeats
       
       @Shamar @natecull @mala @Shamar wasm is objectively better than javascript as a programming language because well, its virtual machine is much more sane. And as the linked article notes, you can use capabilities to actually put stronger runtime limits on particular wasm programs, which is not really possible with java or dotnet afaik. Capability-based security is the foundation of many verifiable programs such as seL4. Wasm is also designed with verifiability in mind, unlike javascript, java, or dotnet.
       
 (DIR) Post #9hHb3foJRjx8S7XG5Y by Shamar@framapiaf.org
       2019-03-29T23:01:00Z
       
       0 likes, 0 repeats
       
       @popefucker @natecull @mala @Shamar I can't really speak for Java, but #DotNET #security model is very fine grained and extremely extensible. https://docs.microsoft.com/en-us/dotnet/framework/misc/code-access-security Almost a decade ago, I wrote a framework based on #CAS to decouple the functionalities provided by a component (eg a method or a class), the runtime properties of the users (eg their roles, the groups they belong to and so on) and the authorization algorithm. A customer used this framework to build a capability system.
       
 (DIR) Post #9hHb3gRf5RQcQ9wgQC by Shamar@framapiaf.org
       2019-03-29T23:11:46Z
       
       0 likes, 0 repeats
       
       @popefucker @natecull @mala @Shamar In any case, there is a chicken-egg #security issue in #WASM. The #WASI's #capability system is designed for "non-Web system-oriented API" (see https://github.com/CraneStation/wasmtime/blob/master/docs/WASI-overview.md for details) and is provided as a polyfill for the #Web that can be imported by a .wasm module. So #WebAssembly code served by a stranger (and potentially customized to attack the user) will decide which capabilities it requires. I mean... are we sure they know what they are doing? 🤣
       
 (DIR) Post #9hHb3grXXE81iQ3Ll2 by natecull@mastodon.social
       2019-03-29T23:18:06Z
       
       0 likes, 0 repeats
       
       @Shamar @popefucker @mala @Shamar Yeah, I was a bit freaked out by reading that. Polyfills in the browser to give arbitrary Posix-style system access???
       
 (DIR) Post #9hHb3hLJkVwpClz8Ai by Shamar@framapiaf.org
       2019-03-29T23:23:08Z
       
       0 likes, 0 repeats
       
       @natecull @popefucker @mala @Shamar I didn't try it, I can't say what they mean. I guess AJAX will work the same as it works now. Browser's HTTP cache is inherent to #HTTP, so it will stay the same too... And I don't know a single operating system that uses capabilities for CPU time slices (despite it might be an interesting approach in a real-time #OS) or RAM quotas, so I guess that users' computing power will be fully available to an attacker as it is today. 1/
       
 (DIR) Post #9hHb3hrDptT6niubtw by Shamar@framapiaf.org
       2019-03-29T23:28:28Z
       
       1 likes, 1 repeats
       
       @natecull @popefucker @mala @Shamar If I'm right, an attacker will still be able to gain control over
       - the IPs of the users
       - their bandwidth
       - their RAM
       - their computing power
       - their disk (through cache)
       as I described in https://bugzilla.mozilla.org/show_bug.cgi?id=1487081
       And given the #WASM is going to be an optimized #binary, I'm pretty sure it will be way harder to detect an attack like the one I described months ago and the Russian Government is currently running (last comments in the #Mozilla bug report)
       
 (DIR) Post #9hHb3i1VDfgxJbiovQ by natecull@mastodon.social
       2019-03-30T00:00:46Z
       
       0 likes, 0 repeats
       
       @Shamar @popefucker @mala @Shamar Can you explain what you think the attack mode is that you describe in the bugzilla? Because it's not clear to me. You're saying that Javascript code from an evil server can do.... what, precisely, on the local machine? Other than consume CPU cycles to mine cryptocoins, for instance? Isn't Javascript sandboxed off from, eg, the filesystem or arbitrary network packet generation for that whole reason?
       
 (DIR) Post #9hHb3iEyPaT1zO1ZvE by natecull@mastodon.social
       2019-03-30T00:02:15Z
       
       0 likes, 0 repeats
       
       @Shamar @popefucker @mala @Shamar I agree that hard resource limits on network-delivered code is something that we desperately need. I think that's why I have to keep restarting Firefox daily now, because pages just run Javascript and... don't stop.
       
 (DIR) Post #9hHb3iWLN0MUrG9Rzs by Shamar@framapiaf.org
       2019-03-30T00:07:41Z
       
       0 likes, 0 repeats
       
       @natecull @popefucker @mala @Shamar I'm sorry if the bug report is not clear: originally I tried to write it in a leveled way, so that a browser developer could understand its severity without bad guys noticing it. Unfortunately they were less smart than I thought and tried to negate the issue, to move the discussion on #Lobsters (where they never said if #Firefox is vulnerable to these undetectable attacks) or arguing that it was not possible to fix it (despite the mitigations proposed). 1/
       
 (DIR) Post #9hHb3igGm6IlM2nNT6 by Shamar@framapiaf.org
       2019-03-30T00:14:30Z
       
       0 likes, 2 repeats
       
       @natecull @popefucker @mala @Shamar The class of possible attacks is huge and through simple #HTTP cache headers, an attacker can easily remove any evidence of the attack. The first #PoC exploit that I wrote is at https://dev.to/shamar/the-meltdown-of-the-web-4p1m The linked fiddler tunnels into your private network to test the open ports on your PC. Later @rain extended the attack to the other computers on your LAN (behind firewall and proxy) to discover their IP and open ports: https://rain-1.github.io/in-browser-localhostdiscovery2/
       
 (DIR) Post #9hHcc4xWYDkYFWoVlI by natecull@mastodon.social
       2019-03-30T00:19:58Z
       
       0 likes, 0 repeats
       
       @Shamar @popefucker @mala @Shamar @rain I'm sorry but I still don't understand what you're saying at that first link. So I can see why Firefox devs just closed your bug. What exactly IS the problem? What is the thing that Javascript can do, and why shouldn't it be able to do it? (Note: I don't use JSfiddle, and I'm not about to change my localhosts file. And I'm not going to click on a link that says it's an exploit, without something EXPLAINING what the exploit IS.)
       
 (DIR) Post #9hHcc5CPerewzhmOy8 by Shamar@framapiaf.org
       2019-03-30T00:26:04Z
       
       0 likes, 0 repeats
       
       @natecull @popefucker @mala @Shamar @rain The change to your host file simulated a #DNS rebinding. Actually some ISPs rebind by default certain domains to 127.0.0.1 so the attacker might just use these. But I was naive to introduce such indirection: the attack works even if you don't modify the host file and simply use "127.0.0.1" as the host in the code. 1/
       
 (DIR) Post #9hHcc5ba9HnCFlYVCS by Shamar@framapiaf.org
       2019-03-30T00:32:11Z
       
       0 likes, 0 repeats
       
       @natecull @popefucker @mala @Shamar @rain Anyway, this specific attack (that is just one of infinitely many one could conceive and was the fifth I conceived myself) is trivial to understand: to test port 1, it creates an image with a URL like "https://127.0.0.1:1/img.gif" and measures the time for the page to load. If the port is closed, the page will take a lot of time to load because the browser's timeout has to kick in, instead if the port is open it fails fast. Thus one can map your LAN w/JS.
       
 (DIR) Post #9hHcc5qpEbzB12gfxY by natecull@mastodon.social
       2019-03-30T00:35:20Z
       
       0 likes, 0 repeats
       
       @Shamar @popefucker @mala @Shamar @rain Ok so let me get this straight. The entire core of your worry is about 1) portscanning 2) using AJAX queries 3) and cache timing 4) having first tricked the user via dodgy DNS into executing Javascript from a web page that resolves to 127.0.0.1, because it won't work from any arbitrary server IP?
       
 (DIR) Post #9hHcc62WX7LLbKA1C4 by Shamar@framapiaf.org
       2019-03-30T00:39:47Z
       
       0 likes, 0 repeats
       
       @natecull @popefucker @mala @Shamar @rain Why do you assume I'm dumb? Please read the article: an attacker can access any #HTTP service on your LAN and send over the web any content there through these attacks. Or he can send content inside your LAN. Or he can poison your cache with illegal contents. Without leaving evidence. I mean: the Russian Government is exploiting these attacks in the wild and building a database of people who could detect them. What do you think they are doing?
       
 (DIR) Post #9hHcc6Ag2nri0byWu0 by natecull@mastodon.social
       2019-03-30T00:42:01Z
       
       0 likes, 0 repeats
       
       @Shamar @popefucker @mala @Shamar @rain I wasn't assuming that you are dumb, but I don't think you're communicating well. I've read your article and I didn't understand it. That's why I'm asking you to explain. I'm still not hearing you say what the *mechanism* of this exploit is. What is it that Javascript is doing that it shouldn't do?
       
 (DIR) Post #9hHcc6FdkLpqG0IUdc by Shamar@framapiaf.org
       2019-03-30T00:47:17Z
       
       0 likes, 0 repeats
       
       @natecull @popefucker @mala @Shamar @rain
       > What is it that Javascript is doing that it shouldn't do?
       That specific #JavaScript is allowing an attacker to tunnel into your private network despite your #firewall and #proxy. This is a flaw in the architecture of the #Web as designed by #WHATWG: anyone who is able to identify the targets and serve #JS to their browser (which includes hosting service providers, clouds, cdn, MitM like cloudflare, advertisers and so on) can have it executed.
       
 (DIR) Post #9hHcc6RL2rC0qHlps8 by natecull@mastodon.social
       2019-03-30T00:50:09Z
       
       0 likes, 0 repeats
       
       @Shamar @popefucker @mala @Shamar @rain Yeah, see, you need to work on your phrasing here. 'Tunnel into' is not a particularly good choice of words because tunnelling protocols are not involved. The design of the web always did allow any web page to make a link to any local IP address. I think perhaps what you're saying is that you think AJAX queries should have restrictions on the sites that they can send packets to?
       
 (DIR) Post #9hHcc6X0hljJ7sQMiG by natecull@mastodon.social
       2019-03-30T00:52:26Z
       
       0 likes, 0 repeats
       
       @Shamar @popefucker @mala @Shamar @rain I thought that XmlHTTPRequest *did* have such restrictions, so that Javascript loaded from a domain could only send queries to hosts on the same domain, but I guess what you're saying is this isn't being restricted for some reason?
       
 (DIR) Post #9hHcc6eSG5gVUxuJJg by fabricedesre@mamot.fr
       2019-03-30T01:08:07Z
       
       0 likes, 0 repeats
       
       @natecull @Shamar @popefucker @mala @Shamar @rain XHR and fetch() have to obey the Same Origin Policy, yes. So either the server has CORS set up, or the attack uses other kinds of resource downloads (images, style sheets for instance).
       
 (DIR) Post #9hHcc6ojdruM0qiWLA by Shamar@framapiaf.org
       2019-03-30T01:12:09Z
       
       0 likes, 0 repeats
       
       @fabricedesre @natecull @popefucker @mala @Shamar @rain Exactly. I create through a malicious jquery.js a 1x1 image equivalent to <img src="https://illegal.contents.com/source/code/of/Windows10.tar.gz"/> When the page load finishes, I know the sources are in your cache, I remove the image and reload the javascript with a harmless one to rewrite your cache (I previously served the malicious jquery.js with proper http cache control). A very advanced technique, don't you think? 😉
       
 (DIR) Post #9hHcc73ckVokl1gPY0 by natecull@mastodon.social
       2019-03-30T01:13:31Z
       
       0 likes, 0 repeats
       
       @Shamar @fabricedesre @popefucker @mala @Shamar @rain Ah, I see. Someone on 20 March added this section to the Wiki page. Was it you, or rain? These few lines at least are MUCH more descriptive about what the actual attack involves. https://en.wikipedia.org/wiki/Same-origin_policy#Attacks_in_face_of_same-origin_policy
       
 (DIR) Post #9hHcc7DY9bl1FoKL1E by Shamar@framapiaf.org
       2019-03-30T01:16:15Z
       
       0 likes, 0 repeats
       
       @natecull @fabricedesre @popefucker @mala @Shamar No. I didn't write it. But somebody should add a reference to the #Mozilla and the #Chromium bug reports that explain this (or at least to my PoC or the @rain's one, if it's clearer).
       
 (DIR) Post #9hHcc7R1LWX5vad612 by fabricedesre@mamot.fr
       2019-03-30T01:18:10Z
       
       0 likes, 0 repeats
       
       @Shamar @natecull @popefucker @mala @Shamar @rain Honestly I think the wikipedia entry is much more clear than your bug reports
       
 (DIR) Post #9hHcc7Wh0R4ODBHcrA by Shamar@framapiaf.org
       2019-03-30T01:25:21Z
       
       0 likes, 0 repeats
       
       @fabricedesre @natecull @popefucker @mala @Shamar @rain It's clear, but partial and doesn't touch the core of the problem. It's very convenient to say that the problem is workarounds to #SameOriginPolicy, but it's not just that. The problem is that the browser automatically executes programs from untrusted sources while giving such sources plenty of information to identify and customize the program and trivial tools to remove all evidence of the attack! Do you see anything about this there?
       
 (DIR) Post #9hHcc7rxjM5FH9Ec0e by fabricedesre@mamot.fr
       2019-03-30T01:28:27Z
       
       1 likes, 0 repeats
       
       @Shamar @natecull @popefucker @mala @Shamar @rain Believe me browser implementers are far from being incompetent. But they are also very much tired of people that come with a solution such as "disable JS and don't cache anything" because it's not constructive. You're doing yourself a disservice by how you approach them. Instead, propose something like a default CSP that would enforce stronger policies without breaking the whole web, or something else...
       
 (DIR) Post #9hHcc868sdQTz7rw6y by Shamar@framapiaf.org
       2019-03-30T01:35:20Z
       
       0 likes, 0 repeats
       
       @fabricedesre, I'm not a browser developer. I'm a hacker, I'm a #web developer, a distributed operating system developer, but NOT a #browser developer. When asked in the #bug report 'How would you "fix" this bug?' by Daniel Veditz, I did my best to provide the best mitigations I could think of. In #China, mining #BitCoin is illegal. You just need control of #CPU and #RAM to produce evidence that an annoying guy is violating the Law. 1/ @natecull @popefucker @mala @Shamar @rain
       
 (DIR) Post #9hHcc8QLfVaaznK4bg by Shamar@framapiaf.org
       2019-03-30T01:38:40Z
       
       0 likes, 0 repeats
       
       @fabricedesre @natecull @popefucker @mala @Shamar @rain In all honesty I don't think that better mitigations exist, neither in the short term nor in the long run. The only actual fix is to remove any sort of scripting from the #Web. Which doesn't break the web at all despite what most people say. Please TRY. With #Chrome it's very easy. That's just #GroupThink on a scale. Most of the Web works fine without JS, and the rest will adapt as soon as most people will have it disabled by default.
       
 (DIR) Post #9hHcc8ad3HoRVg8HdA by natecull@mastodon.social
       2019-03-30T01:40:57Z
       
       1 likes, 0 repeats
       
       @Shamar @fabricedesre @popefucker @mala @Shamar @rain There you are again. You're telling people to turn off their computers. Which yes, will certainly make those computers more secure. But that is not how you get the people making the computers to listen to you.
       
 (DIR) Post #9hHcc8wFkt6sakFYKu by natecull@mastodon.social
       2019-03-30T01:42:52Z
       
       0 likes, 0 repeats
       
       @Shamar @fabricedesre @popefucker @mala @Shamar @rain I mean, if people DID stop using Javascript in Web browsers? They'd just move to some OTHER web application platform, running outside the browser, with exactly the same set of capabilities. Nothing would have been gained. You need to be more precise about WHAT capabilities need to be removed. Just 'scripting' is not the correct answer. EVERYTHING running on your desktop, you downloaded from the Internet. Unless you installed from CDs.
       
 (DIR) Post #9hHcc9GoWRYZcVryNs by Shamar@framapiaf.org
       2019-03-30T01:48:31Z
       
       0 likes, 0 repeats
       
       @natecull This is simply false. I used to write #Web applications before #JavaScript was an issue, when it was a toy to workaround the rendering issues of #IE6 and maybe pre-validate forms on the client side to save some bandwidth. Back then the #W3C was working on the #SemanticWeb, based on #XHTML and the #XML based stack. @alcinnz is working on the #Memex browser to show that you can replace what's worth of JS with declarative tags and #CSS. @fabricedesre @popefucker @mala @Shamar @rain
       
 (DIR) Post #9hHcc9ZFPuImXgUh7I by natecull@mastodon.social
       2019-03-30T01:50:00Z
       
       0 likes, 0 repeats
       
       @Shamar @alcinnz @fabricedesre @popefucker @mala @Shamar @rain Look, I don't know what application you're using to have this conversation, but I'm having it on Mastodon, which simply does not work without Javascript. Your argument does not seem to take modern web-app usage into account. Are you saying 'Don't use Mastodon?' I'm sorry, but I am.
       
 (DIR) Post #9hHcc9jAp0F32T8caW by Shamar@framapiaf.org
       2019-03-30T01:56:14Z
       
       0 likes, 0 repeats
       
       @natecull @alcinnz @fabricedesre @popefucker @mala @Shamar @rain No. My argument is that #Mastodon shouldn't be executed by the same application that you use to read news. And such runtime to run Mastodon should require SRI and inform you if they change and... all the other mitigations I described in the bug report. And... this: https://framapiaf.org/web/statuses/101837105318973580 (thanks Adrian, you typed faster than me)
       
 (DIR) Post #9hHcc9qcNKCFPYcZBw by natecull@mastodon.social
       2019-03-30T02:02:11Z
       
       1 likes, 0 repeats
       
       @Shamar @alcinnz @fabricedesre @popefucker @mala @Shamar @rain I will say that 1) I didn't know that this local-network message-sending capability existed in today's web browsers, and now that I know it, I am seriously considering turning off Javascript by default because yes, it's pretty scary. 2) I would love to see a new platform replace the Web, but I don't really have an idea of what kind of features would be secure 3) the Von Neumann-machine style of scripting is pretty terrible
       
 (DIR) Post #9hHccAATBW4mP7uQ8O by Shamar@framapiaf.org
       2019-03-30T02:06:51Z
       
       0 likes, 0 repeats
       
       @natecull @fabricedesre @popefucker @mala @Shamar @rain I think I agree on all three 🎉 As for the features the new Web should have, I have a lot of ideas (as @alcinnz knows more than he'd like 🤣)... but I don't think that from a user perspective it would change much. As of today, if you disable JS you will be surprised to note that most of the #Web works fine, and some websites even work better! Really, no kidding. That's because most banners and data-razors are implemented in JS.
       
 (DIR) Post #9hHccAL6XyaCw6sui8 by natecull@mastodon.social
       2019-03-30T02:10:32Z
       
       0 likes, 0 repeats
       
       @Shamar @fabricedesre @popefucker @mala @Shamar @rain @alcinnz I feel like the 'page' model of the old pure-HTTP Web is not especially helpful now, if we were starting over. We seem to have a lot of data which is in chunks much smaller than a page. A lot of the justification for AJAX techniques seem to be just about dealing nicely with such data, and then using single-page applications to create a collection UI. If our Web2 could deal with such small chunks natively it'd be a big help.
       
 (DIR) Post #9hHccAWRrnenVIByOO by kragen@nerdculture.de
       2019-03-30T02:55:26Z
       
       0 likes, 0 repeats
       
       @natecull @Shamar @fabricedesre @popefucker @mala @Shamar @rain @alcinnz yeah, I've written a few thousand words about how to do a sentence-granularity hypertext web. some of it is lost now, other parts are unfinished. TiddlyWiki and Smallest Federated Wiki are two existing systems exploring that space
       
 (DIR) Post #9hHd4BiZ12RXJsDfvs by emsenn@tenforward.social
       2019-03-30T03:00:40Z
       
       0 likes, 0 repeats
       
       @kragen I don't really get what you mean here but think it'd interest me, could you write a couple dozen more words on it plz?
       
 (DIR) Post #9hHdn9vOWrHsn1fI0G by kragen@nerdculture.de
       2019-03-30T03:08:47Z
       
       0 likes, 0 repeats
       
       @emsenn Horowitz & Hill is a hypertext; it's full of references to "Section 1.12", "Exercise 1.17", "Fig. 1.5", and so on. Also, most sentences implicitly refer to the previous few sentences. This hypertext structure is flattened into paper by a human attempting to minimize the number of forward references and cross-page references, but this is less helpful when you're trying to read it on a cellphone. What if you divided it into "grains" of which any dozen or so would fit on the phone screen?
       
 (DIR) Post #9hHeABUUs8GSJ83yKm by Shamar@framapiaf.org
       2019-03-30T00:19:05Z
       
       0 likes, 1 repeats
       
       @natecull @popefucker @mala @Shamar @rain (Meanwhile I was banned from #Lobsters https://dev.to/shamar/i-have-been-banned-from-lobsters-ask-me-anything-5041 but I'm not sure anymore that it was due only to #Mozilla's lobbying, as I discovered that one of their admins works for #Google) Since 2 #exploits like these were not enough to convince #Firefox developers to fix the issue, the Russian Government felt authorized to use the attack to identify the people who were taking counter-measures (probably to build a #db of #suspects). 3/
       
 (DIR) Post #9hHeABndixZpGV1GAi by calvin@cronk.stenoweb.net
       2019-03-30T03:12:35Z
       
       0 likes, 0 repeats
       
       @Shamar @natecull @popefucker @mala @Shamar @rain you weren't banned because of "google employees" but because you repeating points ad infinitum instead of engaging in dialogue
       for the audience at home, this was the thread that was the last straw: https://lobste.rs/s/pnfmzr/google_certbot_letsencrypt#c_2xs6cg
       
 (DIR) Post #9hHeFkcvfH0CjBf4sK by kragen@nerdculture.de
       2019-03-30T03:13:58Z
       
       0 likes, 0 repeats
       
       @emsenn Instead of relying on a previously-computed optimization for a fixed page size, you could use a dynamically-computed optimization of the set of concurrently displayed sentence-sized "grains" of information, and you could also manually tweak that view to fit your current focus of attention. Maybe you want to pin Exercise 1.17 while you review previous parts of the chapter.
       
 (DIR) Post #9hHeSY2BnLOXRAZwqO by kragen@nerdculture.de
       2019-03-30T03:16:16Z
       
       0 likes, 0 repeats
       
       @emsenn But the key point is that you give purple numbers — persistent linkable identities — to "grains", much smaller entities than WWW pages or even paragraphs, and you display several such grains at a time in a single flow. "Granular hypertext" generalizes not just to textbooks but also blogs, chat channels, Jupyter-like "notebooks", and so on.
       
 (DIR) Post #9hHfBej5lF2zDu9gtk by kragen@nerdculture.de
       2019-03-30T03:24:25Z
       
       0 likes, 0 repeats
       
       @emsenn @alcinnz @Shamar taking the "notebook" idea further, maybe some grains could take "fragment parameters" as part of the link to them, so that you could instantiate the same grain with different inputs to get different displayed results — like <http://canonical.org/~kragen/sw/dev3/rpn-edit#50_iota_2_ln_*_exp_11_iota_1_+_11_iota_2_+_*_2_/> but not isolated on a page by itself like that. When you follow an explicitly-invoked link, the linked grain gets added to your current display, rather than replacing it.
       
 (DIR) Post #9hHfsWQCVtGzv1l8TY by kragen@nerdculture.de
       2019-03-30T03:32:10Z
       
       0 likes, 0 repeats
       
       @emsenn @alcinnz @Shamar anyway I should have hacked together a prototype of this a long time ago so we could try it out and see what works well and what doesn't and then argue about how to change it. I'm interested in what you all think about the merely verbal idea, though!
       
 (DIR) Post #9hHg0yrceKYkRocQy0 by emsenn@tenforward.social
       2019-03-30T03:33:42Z
       
       0 likes, 0 repeats
       
       @kragen I'm writing a fantasy canon/series of stories and it sounds like it'd be real useful in a lot of ways! Don't have more to say rn but maybe later, thanks for taking the time to explain! @alcinnz
       
 (DIR) Post #9hHg65nKJCTlOI2ymW by kragen@nerdculture.de
       2019-03-30T03:34:38Z
       
       0 likes, 0 repeats
       
       @emsenn @alcinnz do you mean as a hypothetical system the characters use, or as a means of publishing the stories, or as a tool for you as a writer to remember which character is the one with the childhood trauma associated with frogs?
       
 (DIR) Post #9hHgBPqx9vSb36HXFY by emsenn@tenforward.social
       2019-03-30T03:35:35Z
       
       0 likes, 0 repeats
       
       @kragen The last one there. Right now I'm working with a big org-mode file that has sections for stories, an encyclopedia, a timeline, and an atlas, and they all link between each other. One thing it's lacking is the ability to link to specific sentences of a story, like a bible. @alcinnz
       
 (DIR) Post #9hHgf0wOLZ8STLwHzM by kragen@nerdculture.de
       2019-03-30T03:40:56Z
       
       0 likes, 0 repeats
       
       @emsenn @alcinnz I see! Yeah, TiddlyWiki is kind of aimed at that kind of thing, but its "tiddlers" are still a bit heavier-weight (visually) than what I'm thinking of for "grains" — I want to be able to break each single paragraph into multiple grains, which implies that the editor app is doing it either automatically or through some kind of UI feedback.
       
 (DIR) Post #9hHgkxPsMbNZHMZ22K by kragen@nerdculture.de
       2019-03-30T03:42:01Z
       
       0 likes, 0 repeats
       
       @emsenn @alcinnz Like maybe in edit mode you only have 128 columns for a grain, and the grain won't wrap in edit mode. Or maybe it gets progressively slower once your grain gets over 128 characters. But the Mastodon/Twitter nonsense of showing a progressively decreasing counter as your "grain" approaches the limit, well, that's for the birds. Or the mammoths, or whatever.
       
 (DIR) Post #9hHgnYdawl15IXDlGy by emsenn@tenforward.social
       2019-03-30T03:42:29Z
       
       0 likes, 0 repeats
       
       @kragen The wrapping one appeals to me a looooot. @alcinnz
       
 (DIR) Post #9hHh0X2uAyz87rFKLY by kragen@nerdculture.de
       2019-03-30T03:44:50Z
       
       0 likes, 0 repeats
       
       @emsenn @alcinnz Yeah, I was thinking that maybe the grain source text would start scrolling horizontally at that point, so you would have to hit Enter to divide it into two grains if you wanted to see all of it on the screen at once while you were editing it
       
 (DIR) Post #9hI0uVMhVhLWG6uPtg by Shamar@framapiaf.org
       2019-03-30T07:27:42Z
       
       0 likes, 0 repeats
       
       @calvin I engaged in dialogue in any possible way on any possible channel I was able to. You can read a chronological history here: https://dev.to/shamar/comment/5dp2 However the #Lobsters' admin didn't say that they were banning me for this issue but because of the deviations of my downvotes from the average of downvotes (not considering all upvotes that were even more). @natecull @popefucker @mala @Shamar @rain
       
 (DIR) Post #9hIbVKFfOCaar6TXuK by cwebber@octodon.social
       2019-03-30T14:15:22Z
       
       1 likes, 0 repeats
       
       @mala Yep! I'm very interested in Fuchsia, though I'm a bit nervous about Google being the leader without community involvement a-la Android.... there's a Rainbows End type Secure Computing Environment (or whatever they called it) type risk where the user has complete ocap safety all the way through their operating system... except for the root capability, which is controlled by a state or corporate actor
       
 (DIR) Post #9hIbVKUYUqUzbHRR7A by cwebber@octodon.social
       2019-03-30T14:16:34Z
       
       4 likes, 2 repeats
       
       @mala basically, we *NEED* ocap security in our operating systems, and it's the only viable future.  If it comes handed down from a corporate direction without community involvement it might be done in a way that results in hard-to-work-around lockdown.  If, however, the hardware and entire os stack are truly libre, it'll be the best advancement in user freedom since GNU
       
 (DIR) Post #9hIhs7um1WHAyixUjw by qwazix@mastodon.social
       2019-03-30T14:36:42Z
       
       0 likes, 0 repeats
       
       @cwebber @mala yeah but fuchsia is permissive so no kernel sources from manufacturers so no user controlled devices. I think fuchsia is the devil incarnate for user freedom though I admit I know little else about it.
       
 (DIR) Post #9hIhs83zTFeHRJGr6e by cwebber@octodon.social
       2019-03-30T14:45:23Z
       
       0 likes, 0 repeats
       
       @qwazix @mala In this case, I think the community governance model (or lack thereof) and lack of choices in user-controlled hardware are much more alarming at the moment than the licensing choice.
       
 (DIR) Post #9hIhs8DusLaXw5umZs by cwebber@octodon.social
       2019-03-30T14:46:25Z
       
       2 likes, 0 repeats
       
       @qwazix @mala In that sense, I am more interested in the following directions:
        - Seeing the capsicum patches merged into the Linux kernel
        - Genode
        - Yes, even a fully GNU Hurd based system (if Hurd had taken off instead of Linux, we might *have* ocap security in our systems today)
       
 (DIR) Post #9hIhs8M4O26uLNjIHo by cwebber@octodon.social
       2019-03-30T14:48:10Z
       
       0 likes, 0 repeats
       
       @qwazix @mala However if none of that is possible, maybe using Fuchsia as a base is possible, but real actual community governance would be needed around it... which might mean forking.
       
 (DIR) Post #9hIhs8WhkUcKsMhmrY by Shamar@mastodon.social
       2019-03-30T15:24:45Z
       
       1 likes, 2 repeats
       
       @cwebber #Fuchsia exists to get rid of #GPL that somewhat resists to #corporate embrace extend extinguish usual tactics. Android community control is just an illusion and all developers know this (even when they don’t like to say it): https://gbl08ma.com/developing-for-android-is-like-being-a-demonetized-youtuber/ There is no real openness in #Google projects: whatever the #license, #patents, political pressure and good ol' money ensure they control everything they touch. @qwazix @mala
       
 (DIR) Post #9hIn3RDh5T7VoC1OSW by Shamar@framapiaf.org
       2019-03-29T23:17:49Z
       
       0 likes, 1 repeats
       
       @popefucker @natecull @mala @Shamar A capability system makes sense in an operating system (and yes, I guess they know very well what they are doing... they want to do what Gates wanted #DotNET to become with #WASM and #Google #Fuchsia), but in a #browser it doesn't add much to the #security of the user. OTOH it could be very convenient to convince most people to move to Fuchsia "because the Browser design is inherently flawed, but Fuchsia can run the same application: try it in your browser!"
       
 (DIR) Post #9hIoYplZyQXeryPD84 by Shamar@framapiaf.org
       2019-03-30T02:12:52Z
       
       0 likes, 0 repeats
       
       @natecull @fabricedesre @popefucker @mala @Shamar @rain @alcinnz I think it will be able to, but each network request will be a conscious decision of the user. But to be fair, I should say that you don't need JS or AJAX for that: frames and iframes existed before and were designed to deal with that exact issue.
       
 (DIR) Post #9hIoYq9KY7Xa3dWB9M by natecull@mastodon.social
       2019-03-30T02:23:27Z
       
       0 likes, 1 repeats
       
       @Shamar @fabricedesre @popefucker @mala @Shamar @rain @alcinnz Frames existed, but they were pretty universally regarded as a terrible mistake. I would like something like transclusion. But I suspect even as simple a thing as transclusion makes a system Turing-complete, because it's essentially the same as 'evaluating a function'. That's why I don't think Turing-completeness is the danger, so much as exposed state and APIs. Pure-functional is maybe more tractable than imperative scripting.
       
 (DIR) Post #9hIoqpOo4tQwwWKmZc by Shamar@framapiaf.org
       2019-03-30T02:28:06Z
       
       0 likes, 0 repeats
       
       @natecull @fabricedesre @popefucker @mala @Shamar @rain @alcinnz A NOT Turing complete scripting language could do the same sort of attacks. Not having a Turing complete scripting language is not enough, you are right. But having a declarative #HyperText description language that doesn't let the server mutate the page without an explicit and not trickable request of the user, would do the job.
       
 (DIR) Post #9hIoqpa9OiVXVhdqFs by natecull@mastodon.social
       2019-03-30T02:31:07Z
       
       0 likes, 0 repeats
       
       @Shamar @fabricedesre @popefucker @mala @Shamar @rain @alcinnz So how would you implement visual interfaces, like for data visualisation, or games, or all the other things that we used to use Java for, then Flash, then HTML5? Because it seems we need something for those that can be downloaded and connect to Internet data sources. Would a functional-reactive language like Elm work for you, or would it break the idea of 'don't modify the page'?
       
 (DIR) Post #9hIoqpncadHcBTwbFg by rick_777@cybre.space
       2019-03-30T03:58:25Z
       
       0 likes, 0 repeats
       
       @natecull @Shamar @fabricedesre @popefucker @mala @Shamar @rain @alcinnz All this conversation is becoming a hellthread. Look around your cellphone and realize that compartmentalized permissions are the way to go. Microsoft's internet zone could also be a good ingredient. If M$ treats downloaded files with suspicion, maybe we should start treating websites with the same caution - 1/2
       
 (DIR) Post #9hIoqpxtyPVShMkoHA by rick_777@cybre.space
       2019-03-30T03:58:27Z
       
       0 likes, 0 repeats
       
       @natecull @Shamar @fabricedesre @mala @Shamar @rain @alcinnz @popefucker  "This website requests access to a local network resource. Allow, deny?" - 2/2
       
 (DIR) Post #9hIoqq7TOpA9B3ESC8 by Shamar@framapiaf.org
       2019-03-30T08:27:02Z
       
       0 likes, 0 repeats
       
       @rick_777
       > we should start treating #JavaScript with suspicion
       Ehm... isn't this exactly what I've been saying for more than seven months? Per website opt-in #JS is exactly what you are describing but with an easier to use interface. But again, it's not enough. Some attacks can be carried with a simple meta refresh. Other just need RAM and CPU, and so on.
       @natecull @fabricedesre @mala @Shamar @rain @alcinnz @popefucker
       
 (DIR) Post #9hIoqqLIZQDnrvhUkC by rick_777@cybre.space
       2019-03-30T15:33:40Z
       
       0 likes, 0 repeats
       
       @Shamar No. A javascript might have forbidden access to network, but a link or an offending CSS might be able to use some hidden exploit to find out which links are purple or something. An evil website could load a list of links from a hidden frame. My point is, restricting security to JavaScript is too little. The ENTIRE WEBSITE should be sandboxed from local networks, and clear lines should be drawn - 1/3
       
 (DIR) Post #9hIoqqUA2TJKJPqZYe by rick_777@cybre.space
       2019-03-30T15:33:41Z
       
       0 likes, 2 repeats
       
       @Shamar @natecull @fabricedesre @mala @Shamar @rain @alcinnz @popefucker The whole paradigm of web browsing needs a complete and total overhaul. Disabling javascript is just a hack - 2/3
       
 (DIR) Post #9hIozEj1neB5o6nmvQ by natecull@mastodon.social
       2019-03-30T01:17:03Z
       
       0 likes, 0 repeats
       
       @Shamar @fabricedesre @popefucker @mala @Shamar @rain Also this PDF seems pretty good! https://www.forcepoint.com/sites/default/files/resources/files/report-attacking-internal-network-en_0.pdf
       
 (DIR) Post #9hIozEzKp1DocgQoLI by natecull@mastodon.social
       2019-03-30T01:18:58Z
       
       0 likes, 0 repeats
       
       @Shamar @fabricedesre @popefucker @mala @Shamar @rain So I'm guessing it was John Bergbom from Forcepoint (or someone who saw his presentation) who updated Wikipedia, since that's his document dated 19 March. He seems to be saying exactly what you've been saying, but with the details spelled out.
       
 (DIR) Post #9hIozFHPjngRWktFWS by natecull@mastodon.social
       2019-03-30T01:19:46Z
       
       0 likes, 1 repeats
       
       @Shamar @fabricedesre @popefucker @mala @Shamar @rain << Wouldn’t Same-origin Policy prevent local attacks? Indeed, the Same-origin Policy (SOP)[4] does prevent this attack in many cases, but as we will see, there are still circumstances where an attack may succeed. Though documented, it is a largely overlooked fact that SOP does not prevent the browser from sending out a cross-domain request, it only prevents JavaScript from reading the response. >>
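
Because the SOP only blocks reading the response, a service listening on localhost or a LAN address has to refuse unwanted browser-issued requests itself. The sketch below is an added example, not code from this thread or from the Forcepoint report; the allowlists, the port and the `X-Local-Token` header are assumptions chosen for illustration.

```javascript
// Added example: request gate for a service on localhost or a LAN address.
// ALLOWED_HOSTS, ALLOWED_ORIGINS and the x-local-token header are assumptions.
const ALLOWED_HOSTS = new Set(["localhost:8080", "127.0.0.1:8080"]);
const ALLOWED_ORIGINS = new Set(["http://localhost:8080", "http://127.0.0.1:8080"]);
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Compare secrets without returning early on the first differing character.
function sameSecret(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function checkRequest(req, expectedToken) {
  const h = {};
  for (const [k, v] of Object.entries(req.headers || {})) h[k.toLowerCase()] = String(v);

  // 1. Host allowlist: a page that re-points its own DNS name at this address
  //    still sends its own name in Host, so the request is refused.
  if (!ALLOWED_HOSTS.has((h["host"] || "").toLowerCase())) {
    return { allow: false, reason: "host-not-allowed" };
  }
  // 2. When the browser supplies Origin, it names the page that issued the request.
  const origin = h["origin"];
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin.toLowerCase())) {
    return { allow: false, reason: "foreign-origin" };
  }
  // 3. Origin can be absent (non-browser clients, some simple GETs), so anything
  //    with side effects also needs a secret that a foreign page cannot read.
  if (!SAFE_METHODS.has(String(req.method).toUpperCase()) &&
      !sameSecret(h["x-local-token"], expectedToken)) {
    return { allow: false, reason: "missing-token" };
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample requests (not captured traffic).
const TOKEN = "constructed-sample-token";
const SAMPLES = {
  ownUi: { method: "POST", headers: { Host: "localhost:8080", Origin: "http://localhost:8080", "X-Local-Token": TOKEN } },
  crossSitePost: { method: "POST", headers: { Host: "127.0.0.1:8080", Origin: "https://other-site.example" } },
  rebinding: { method: "GET", headers: { Host: "rebind.example:8080" } },
  noOriginPost: { method: "POST", headers: { Host: "localhost:8080" } },
  plainGet: { method: "GET", headers: { Host: "localhost:8080" } },
};
for (const [name, req] of Object.entries(SAMPLES)) console.log(name, checkRequest(req, TOKEN));
```

The `plainGet` case is allowed without a token, which is only acceptable if GET handlers on the service have no side effects.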
       
 (DIR) Post #9hIp0Bj4R8GinKH9gO by natecull@mastodon.social
       2019-03-30T01:26:25Z
       
       0 likes, 0 repeats
       
       @Shamar @fabricedesre @popefucker @mala @Shamar @rain << The problem is that the browser automatically execute programs from untrusted sources >> That's precisely the 'coming in hot shouting 'turn off your computers'' bit I was just now telling you not to do. 'Programs from untrusted sources' is not the problem. The *capabilities* that those programs have access to? Those are the problem.
       
 (DIR) Post #9hIp0BvTh0C3Po541Q by Shamar@framapiaf.org
       2019-03-30T01:30:06Z
       
       0 likes, 0 repeats
       
       @natecull @fabricedesre @popefucker @mala @Shamar @rain
       > 'Programs from untrusted sources' is not the problem.
       Ever heard of #Meltdown and #Spectre? Do you really think there will never be an RCE issue in the browsers?
       
 (DIR) Post #9hIp0C4LA3HZrIE8ps by fabricedesre@mamot.fr
       2019-03-30T01:32:00Z
       
       0 likes, 0 repeats
       
       @Shamar @natecull @popefucker @mala @Shamar @rain Wait, no one forces you to use a browser, or prevents you from *contributing* to make the existing ones better. Just be a little bit less condescending and more positive.
       
 (DIR) Post #9hIp0CIAKeLEYAhBNw by Shamar@framapiaf.org
       2019-03-30T01:43:54Z
       
       0 likes, 0 repeats
       
       @fabricedesre @natecull @popefucker @mala @Shamar @rain Did you see the bug report? Doesn't it count as a contribution now? If one of my software's users spends hours to write a bug report like that, I find a way to send him a gift, not to have him banned from online communities. In any case, given what I've learned of #Mozilla and #Chromium, I decided that if I have to help a browser, it won't be those. I support as I can @alcinnz's work on #Memex (not enough, Adrian, sorry). Or #NetSurf.
       
 (DIR) Post #9hIp0CUvZCY9BkfNHE by natecull@mastodon.social
       2019-03-30T01:48:05Z
       
       0 likes, 1 repeats
       
       @Shamar @fabricedesre @popefucker @mala @Shamar @rain @alcinnz Your bug report is not nearly in the same class as John Bergbom's. He clearly describes the problem: 'Same Origin Policy does not block local network attacks' and describes precisely why. This is not something that most web developers understand. It is assumed that SOP is in effect and would prevent all these attacks. You did not take the time to itemise the exploits, just said 'change your localhost and click here' which, uh, NO
       
 (DIR) Post #9hIp83kLzHFwMcd4Qy by alcinnz@floss.social
       2019-03-30T02:34:59Z
       
       0 likes, 1 repeats
       
       @natecull @Shamar @fabricedesre @popefucker @mala @Shamar @rain Personally I'd want separate standards for those more interactive things from stuff like news articles, public communications, etc. So that the browser (or whatever app it hands these off to) can have a "click to activate" button. And yes, I'd lean towards a functional reactive language for that. But I wouldn't embed it in those webpages.
       
 (DIR) Post #9hJkXLSOyKiJv1Qixc by clacke@libranet.de
       2019-03-31T03:33:35Z
       
       0 likes, 0 repeats
       
       @xj9 @mala @natecull Because it is a fricking miracle of the software gods that you can take a System/38 binary from 1978 and run it on your IBM i (AS/400). Because our interstellar grandchildren deserve a better lingua franca than x86 VMs. Because www.destroyallsoftware.com/tal… is HaHaOnlySerious.
       
 (DIR) Post #9hJlAEKHQ1n761AmX2 by clacke@libranet.de
       2019-03-31T03:40:02Z
       
       0 likes, 0 repeats
       
       @mala @natecull @xj9 Also having a ubiquitous bytecode might help with the bootstrapping problem even for those who in the end compile to native.
       
 (DIR) Post #9hKfvd3CuDXSp0Miae by icedquinn@niu.moe
       2019-03-31T14:16:52Z
       
       0 likes, 0 repeats
       
       @Shamar @cwebber @qwazix @mala one of those fringe reasons I'm not real keen on using TensorFlow either.
       
 (DIR) Post #9tzyPFlFSMh8ZkUOMy by qwazix@mastodon.social
       2019-03-30T15:08:18Z
       
       0 likes, 0 repeats
       
       @cwebber in my mind this is just chicken and egg. Android community exists because there are kernel sources so you can run lineage, replicant or other forks on an easily procured device. Without kernel sources, even if one or two open devices existed there would be no lineage, just like there is no meego, nemo, firefoxOS, openWebOS, ubuntu touch, shr, bla bla @mala
       
 (DIR) Post #9tzyPFvsopCZ6jSswi by cwebber@octodon.social
       2019-03-30T15:12:06Z
       
       1 likes, 0 repeats
       
       @qwazix @mala There will probably be microkernel sources.  The kernel is a much smaller thing in the design of Fuchsia than it is in Linux and BSD based systems.