Post AL5jFIV1WmwpF3EDLM by abbienormal@tech.lgbt
Post #AL5BBzvuhgNELi3q8u by abbienormal@tech.lgbt
2022-07-02T08:10:34Z
0 likes, 0 repeats
I keep dreaming of a hierarchy browser made with the Miller Columns that can browse files but also email folder trees, trees hosted in, say, postgres databases, newsgroup threads or forum threads in general.
Or trees made by tags added to files.
The idea of an app doing one thing is exclusively focused on the needs of implementers.
While it's obvious that humans don't work that way.
It's incredibly myopic, user hostile.
It should die in fire.
https://en.wikipedia.org/wiki/Miller_columns
Post #AL5BC0LRAmn3cs0DvU by urusan@fosstodon.org
2022-07-02T13:35:50Z
0 likes, 0 repeats
@abbienormal I didn't realize that the way MacOS's Finder does things was called Miller columns.
Post #AL5BxngpWjSuHFne8e by urusan@fosstodon.org
2022-07-02T13:44:29Z
0 likes, 0 repeats
@abbienormal By the way, the real problem here is security.
I mean, I don't see any reason why your specific idea shouldn't be possible with enough work. However, it has to interoperate with a bunch of systems that do have to be secure, which makes it a bigger task.
In general, when you write extremely abstract code that can do it all, it becomes a security issue. If it can do it all, then it can run arbitrary code and modify itself. Then it's trivially open to attack.
Post #AL5Dj8Vu1RggQRp8lc by urusan@fosstodon.org
2022-07-02T14:04:14Z
0 likes, 0 repeats
@abbienormal Consider the following seemingly benign approach to data transfer (which is a feature in Jackson).
Let's say you're using an OO language and you get tired of constantly having to write specific deserialization code for every serialized class that comes in over the wire, and you get the bright idea of adding in the fully qualified class name to the serialized message. You can put this as a requirement in your API spec, and now you can just look up the class and deserialize it as that.
Post #AL5EMAplKTUkupjAhc by urusan@fosstodon.org
2022-07-02T14:11:17Z
0 likes, 0 repeats
@abbienormal This is a great and powerful approach for many reasons.
It's simple: one piece of fairly abstract code can cover your whole codebase, eliminating a whole lot of code.
It's extensible: you can add new classes in the future and as soon as they're added to the runtime environment it's possible to deserialize them with no new code.
You can easily preserve class across the wire, which isn't always ensured otherwise.
It can be simple for the users if you make your classes available.
Post #AL5EpCnX6dExPAWo88 by urusan@fosstodon.org
2022-07-02T14:16:33Z
0 likes, 0 repeats
@abbienormal So, why isn't this the norm?
Well, there's also another issue of inter-language interoperability. If the original code is in Java, then the class names will all be Java FQCNs, which other languages likely disagree with. Still, you can get around this by just associating a class name String with your own class (or equivalent) and having a registry for these Strings.
There's also the issue that it takes up some extra bandwidth to send the String, but there are ways around this too.
Post #AL5Fb7RcJU1ehY7kwq by urusan@fosstodon.org
2022-07-02T14:25:12Z
0 likes, 0 repeats
@abbienormal The big problem though is security.
If you can deserialize any class, then you can deserialize command/function classes too, which are likely built-in to your language. You might even be able to deserialize a new class type with new code included in the message.
In some cases, this new code might be executed immediately. In others you need to find a piece of code that runs it later.
Either way, an attacker just sends a well crafted message and takes control.
Post #AL5GJ1Cqrra0609OqG by urusan@fosstodon.org
2022-07-02T14:33:08Z
0 likes, 0 repeats
@abbienormal The security best practice here is to put an allowlist in place.
"Oh, did I say you can deserialize anything? Sorry, I mean just these classes that I actually use."
It can still be a better system with an allowlist in place: you still aren't writing code for everything and you just need to add new stuff to the allowlist. You may also be able to write fairly broad allow rules, like "everything in this package".
It can also be configurable this way.
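The class-name-in-the-message scheme from the posts above, with the registry of class-name strings and the allowlist (exact names plus "everything in this package" prefixes), as an added example that is not from the thread and not Jackson's own code. The model classes, wire format and names are constructed for the example; nothing here resolves names against the language's real class loader, only against the registry.

```python
import json
from dataclasses import dataclass, fields

@dataclass
class Note:  # constructed model classes for the example
    title: str
    body: str

@dataclass
class Tag:
    name: str

# Registry of wire-format class-name strings -> constructors. The names are
# plain strings another language can agree on, not Python qualified names.
REGISTRY: dict[str, type] = {"app.model.Note": Note, "app.util.Tag": Tag}

# Allowlist: exact names plus "package" prefixes ("everything in app.model").
# Prefixes end with a dot so "app.modelx.Anything" does not slip through.
ALLOW_EXACT = {"app.util.Tag"}
ALLOW_PREFIXES = ("app.model.",)

class UnsafeTypeError(ValueError):
    """The message named a class that is not allowlisted or not registered."""

def is_allowed(class_name: str) -> bool:
    return class_name in ALLOW_EXACT or class_name.startswith(ALLOW_PREFIXES)

def deserialize(message: str):
    """Parse {"@class": ..., "fields": {...}}; the class is looked up only
    after the allowlist check, so the message cannot pick an arbitrary type."""
    payload = json.loads(message)
    class_name = payload.get("@class") if isinstance(payload, dict) else None
    if not isinstance(class_name, str) or not is_allowed(class_name):
        raise UnsafeTypeError(f"class not allowlisted: {class_name!r}")
    ctor = REGISTRY.get(class_name)
    if ctor is None:
        raise UnsafeTypeError(f"allowlisted but unregistered: {class_name!r}")
    data = payload.get("fields", {})
    if set(data) != {f.name for f in fields(ctor)}:
        raise UnsafeTypeError(f"unexpected fields for {class_name}")
    return ctor(**data)

def rejects(message: str) -> bool:
    """True if deserialize() refuses the message."""
    try:
        deserialize(message)
    except UnsafeTypeError:
        return True
    return False
```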
Post #AL5GenUwW0CHx2zuT2 by urusan@fosstodon.org
2022-07-02T14:37:04Z
0 likes, 0 repeats
@abbienormal However, this definitely kills the dream of an app that does everything, rather than just the one thing you're working on.
Unfortunately, this isn't just an implementer concern. Users wouldn't be happy if the code running on their machine was trivial to hijack, or if the online services they were using were constantly sending them spam and malicious code injected by other users (or unavailable due to DoS).
Post #AL5HGNqoJs8PPb9H2O by urusan@fosstodon.org
2022-07-02T14:43:50Z
0 likes, 0 repeats
@abbienormal Coming back to your specific proposal, there's nothing wrong with it, but it's made more difficult to code and maintain by the need for all the systems you mentioned needing to be secure.
Your database is locked down behind a user account and has an API that's fairly specific to databases (though it should be noted that SQL's flexibility is the reason injection attacks are the #1 security vulnerability).
Your code will have to translate between secure databases and your model.
Post #AL5Hcjrn96SM40GczY by urusan@fosstodon.org
2022-07-02T14:47:55Z
0 likes, 0 repeats
@abbienormal Plus, all this security adds elements you probably wish your model didn't have to deal with.
How do you collect the username and password to access the database? Now you've got to add a setup workflow to capture that information for that specific database (and a management workflow to update or forget the information).
It's unfortunate, but as long as attackers exist and we value our security, then we have to deal with this stuff, and all our applications will be fairly specific.
Post #AL5Ir3rNhvne52T7Jo by abbienormal@tech.lgbt
2022-07-02T15:01:41Z
0 likes, 0 repeats
@urusan Wow, what a long-winded and pedantic reply. Also, you completely missed my point.
I didn't write ANYWHERE that the same process should communicate with email servers, with database servers and others.
If I say that the idea of an app doing one thing should die, I'm not implying I want ONE process substituting tens of smaller processes.
That wouldn't be the overcoming of this myopic, hostile model.
In fact it'd be its glorification.
Post #AL5agJn9vnN9TvWLWy by abbienormal@tech.lgbt
2022-07-02T15:03:32Z
0 likes, 0 repeats
@urusan As for setting up accounts:
you may have noticed that the Gnome desktop has an "online accounts" panel.
You set up your accounts there and then they magically pop up in your applications.
If such a thing didn't exist already, I'd be astounded by such a lack of fantasy.
But it exists already and I'm at a loss for words.
Post #AL5agKHI7lTWzNcPUu by abbienormal@tech.lgbt
2022-07-02T15:04:49Z
0 likes, 0 repeats
@urusan What I wrote is that I envision a browsing app to browse hierarchies.
That's all I wrote.
Hierarchies are applied widely all over the place.
What's the point in having tens of clones of browsing solutions?
Post #AL5agKkMNgjARXDco4 by abbienormal@tech.lgbt
2022-07-02T15:07:30Z
0 likes, 0 repeats
@urusan You can have some services to deal with the email, the databases, for extracting the metainfo from your files...
And then you could massage all this information and store it in a common database.
The best thing would be to have file systems that can store metadata associated with files.
But I know the Gnome people are working on such a common database as a system-wide service that apps can trade info with.
Post #AL5agL8oukIFfOf9vs by abbienormal@tech.lgbt
2022-07-02T15:08:06Z
0 likes, 0 repeats
@urusan You people need to stop thinking in terms of features and start thinking in terms of experiences.
Post #AL5agLbtAfXt7YGNF2 by abbienormal@tech.lgbt
2022-07-02T15:09:07Z
0 likes, 0 repeats
@urusan The idea of a general serializer/deserializer is insane, it's a nightmare, I wouldn't come close to such a thing.
Not only for security but also for ugliness!!
Post #AL5agM75IgV0gIrHrk by abbienormal@tech.lgbt
2022-07-02T15:10:12Z
0 likes, 0 repeats
@urusan As for inter-language IDs for classes, that's the work on the dictionaries/ontologies the ActivityPub people discuss so much.
Post #AL5agMa9Ybke8SSVAu by urusan@fosstodon.org
2022-07-02T18:21:18Z
0 likes, 0 repeats
@abbienormal You're missing my point as well.
I'm only saying 2 things:
1. In an environment where security is important, making an application that just does one very limited thing is essential for security.
2. Since you want your idea to interoperate with pre-existing secure systems, it will require substantial effort to implement.
It's quite possible that you have a great idea here, it's just going to take a lot of work.
Post #AL5bJlkDwCOXT8xXXs by abbienormal@tech.lgbt
2022-07-02T18:28:33Z
0 likes, 0 repeats
@urusan I don't see how an app for browsing a database can be less secure than anything.
But I don't feel like I need to.
Post #AL5gknwoM2V7tJYeG0 by urusan@fosstodon.org
2022-07-02T19:29:28Z
0 likes, 0 repeats
@abbienormal That's not what I'm saying either. Your app may be secure or not, depending on the implementation. Even if it's insecure, if it's intended for personal use the security of the app isn't hugely important.
The external (security) models you interact with, both explicit and implicit, add a great deal of complexity and require each externally interoperable system to have its own implementation (which doesn't have to be inside your app) that has to be built and kept up to date.
Post #AL5hYYizE9Un9nofVw by urusan@fosstodon.org
2022-07-02T19:38:29Z
0 likes, 0 repeats
@abbienormal If it weren't for security concerns, we wouldn't have to build these secure interface walls around everything, which set up virtual border crossings everywhere and limit which interactions we can have to just "legitimate" activity.
Post #AL5i20Tt6mOZdknOUa by abbienormal@tech.lgbt
2022-07-02T19:43:46Z
0 likes, 0 repeats
@urusan You're implying that my idea would require more complexity than the most common model.
I don't see how that can be.
A mail client interacts with a mail server. In my idea it would just store info in a db common to other apps and delegate the GUI browsing to a browser common to other apps.
Post #AL5jFHvDfuJ9S0TcXI by abbienormal@tech.lgbt
2022-07-02T19:45:55Z
0 likes, 0 repeats
@urusan For reference, see the tracker in Gnome.
I know KDE has something similar too.
They store metadata about files in a system-wide db.
Post #AL5jFIV1WmwpF3EDLM by abbienormal@tech.lgbt
2022-07-02T19:47:44Z
0 likes, 0 repeats
@urusan A mail client could help populate the same db.
A relational db client could do the same.
And then you could have one single browser to browse all this info.
That's all.
Post #AL5jFIs497NaOW0cG8 by abbienormal@tech.lgbt
2022-07-02T19:48:32Z
0 likes, 0 repeats
@urusan The reason why this doesn't exist is the obtuseness of many IT people, ahem.
Not security.
Post #AL5jFJNyEUtrzSw5zM by urusan@fosstodon.org
2022-07-02T19:57:21Z
0 likes, 0 repeats
@abbienormal I'm looking forward to your application. Please keep me posted.
Post #AL5kaF61TZpWiq5Mu0 by abbienormal@tech.lgbt
2022-07-02T20:12:22Z
0 likes, 0 repeats
@urusan You really can't take someone not acknowledging your wisdom, can you?
I'm not surprised, I had sensed this from the first interaction.
Also, I'd love to say I'm sorry but I'm not.
I don't give a fuck, actually.
Now piss off please.
Post #AL5kctVYCHhCdVI4Se by abbienormal@tech.lgbt
2022-07-02T20:12:45Z
0 likes, 0 repeats
@urusan You really can't take someone not acknowledging your wisdom, can you?
I'm not surprised, I had sensed this from the first interaction.
Also, I'd love to say I'm sorry but I'm not.
I don't give a fuck, actually.
Now piss off please.