User: Password:
|
|
Subscribe / Log in / New account

The Open Web: KDE frees the web from the browser

The Open Web: KDE frees the web from the browser

Posted Oct 17, 2009 22:57 UTC (Sat) by pflugstad (subscriber, #224)
In reply to: The Open Web: KDE frees the web from the browser by sebas
Parent article: The Open Web: KDE frees the web from the browser

I read the article, and saw the comment about separating content from client-side application logic. And honestly, I'm not entirely sure what that means. The problem with most of the web is malicious content that exploits holes in the client side application. The more client side web applications there are, embedded EVERYWHERE as this seems to be, the more places malicious content has to look for exploits.

I know you're not trying to recreate Java/CLR, or even JavaScript, but in order to be compelling over browser based content, your application is going to have to provide content with similar features and ability to interact with the desktop.

And, to make an example: some malicious content crashes one applet, and now, thanks to the centralized identity management, it has access to ALL my online passwords, emails, etc. Yes, this is possible today, but the diversity of locations and mechanisms makes it much more difficult.

And that doesn't answer the other half of the security question: how secure is MY data when it's on the "web". This is where facebook falls flat - give one facebook application access to your data, and they get access to ALL your data, and your friends data and your friends friends data, or some such nonsense. Security was clearly an afterthought on that social network site. Is any thought being given to how to put up boundaries around the information we provide to the myriad of applets and web-integrated desktop you're creating.

W.r.t my ActiveDesktop comment: Microsoft tried to "integrate" the web into the desktop, 10 years ago. It flopped massively: it was a performance pig, and was just an incredibly bad idea from just about any angle you care to look at. I don't know that anything has changed in the last 10 years to make it any better of an idea - if anything, the increased threat level makes it a worse idea. So now when I fire up the KDE desktop, I'm going to get 10 more "applets" that chew up system resources, and if even one is unstable and causes problems, suddenly my whole desktop drags. Oh, and if some web server one of those applets goes to is compromised and serving up actual malicious content, the applet may crash and suddenly some cracker controls my desktop.

I guess my whole point is that security CANNOT be an afterthought on this kind of stuff. It needs to be thought about up front and included in every stage of development. My other point is that integrating the web into the desktop has been tried before... And while my shouting security may not be terribly helpful, hopefully it raises your awareness of it, and possibly others on this site.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds