Hacker News

> Is anyone else dismayed by the implicit view of these sorts of articles, that browsers should be complicated and full of all these insecure features?

You're taking a position 100% against all additions to web browsers, it seems. And some people responding to you are taking the 100% opposite position. But there is a middle ground.

Browsers should include the minimal amount of technology possible, and strike a compromise between number of features and security (because more features always means less security). What the right compromise is, is of course debatable.

But I don't want to just say "extremes are wrong, the right middle way is best" in a generic manner because that's always true. More specifically, Google is the browser vendor including the most nonstandard technologies these days, and therefore incurring the most risk. For example, NaCl, WebSQL, a large extension API (even including things like text to speech), a closed-source PDF reader, Adobe Flash, Chrome Web Store frontend, and apparently soon Dart. All those things add to the attack surface of Chrome, I would argue needlessly.

Of course other browsers are guilty of similar things, just to a lesser extent. At least Microsoft does not bundle Silverlight with IE (but it will apparently bundle Flash..).



I don't think my position is extreme. I'm not advocating for a removal of all browser features, merely removal of those which are unrelated to the browser's core purpose of document navigation and rendering.

If browser vendors spent less money on implementing audio synthesis or OpenGL, they could spend more on font rendering, SPDY, and standards compliance.


> I don't think my position is extreme. I'm not advocating for a removal of all browser features, merely removal of those which are unrelated to the browser's core purpose of document navigation and rendering.

The view that a browser's core purpose is document rendering and navigation was laughably out of date in 2000. It is simply an invalid opinion today. Users and developers can and do expect browsers to be fully-functional sandboxed runtimes that can host everything from mail clients to mapping applications to games.

But if you want your browser to be nothing more than a document rendering engine, no one is forcing you to use Firefox. w3m and xxxterm, for example, both fulfill this role quite admirably.


> But if you want your browser to be nothing more than a document rendering engine, no one is forcing you to use Firefox. w3m and xxxterm, for example, both fulfill this role quite admirably.

No they don't, not even close. Firefox and Chrome are years ahead of them in important features like CSS, fonts, and graphics.


w3m, yes. But xxxterm is basically webkit with vi keybindings, so I don't think Chrome can be all that many years ahead.


> I'm not advocating for a removal of all browser features, merely removal of those which are unrelated to the browser's core purpose of document navigation and rendering.

Fair enough, but what people consider to be documents has changed. Some documents have 3D elements in them, for example architectural content. And some documents benefit from embedding sounds, like Wikipedia pages that contain small relevant snippets of audio. So I think it's hard to know where to draw the line.

But again, I do agree a line needs to be drawn. The browser industry as a whole should work together to define that, in a standards-based way.


You may be minimizing the attack surface, but just because a web browser only supports HTML and CSS doesn't mean it couldn't contain exploits.

It's possible that the HTML parser or image rendering library has a bug and that malformed HTML could cause a vulnerability in the browser. Granted, I believe it would be significantly easier to harden parsers and graphic rendering, but it's already been shown that certain image rendering libraries have been exploited[1].

[1] Example: http://technet.microsoft.com/en-us/security/bulletin/ms08-02...


> At least Microsoft does not bundle Silverlight with IE (but it will apparently bundle Flash..).

If I remember correctly, Flash is only enabled for a set of whitelisted sites. But, as we see, someone will probably chain that to some other vulnerability.


It's definitely safer with a whitelist; however, it is still riskier than not shipping Flash at all. A limited exploit might get around the whitelist, and then use any second exploit of Flash to break completely through.



