Over-powered browsers
---------------------

(preface: this entry took a few painful days to write, and I'm not terribly happy with it, but I've uploaded it anyway to keep the phlog alive. This is exactly the kind of long, rambling thing I've tried to write in the past and given up on. It's precisely the thing this phlog is *not* supposed to be, but alas. Read on if you dare)

In the beginning, web browsers did one thing and (presumably) did it rather well. They rendered HTML, in some primordial form, which is to say that they laid text and, very occasionally, images out on the user's screen.

(aside: I suppose I'm basically assuming what browsers were like in the beginning. As best as I can recollect, I first used a web browser in 1995 or 1996. I was 10 or 11 years old at the time, and I don't know which browser I actually used. I do know that later in the 90s I was squarely a Netscape Navigator or Communicator user, but My First Browser eludes me. Which is frustrating, because it's possible I actually used the infamous Mosaic, but I'll never know)

Nowadays web browsers are basically sandboxed program execution environments for running Javascript programs or doing various things which HTML 5 provides for, like streaming video, persisting data to the hard drive, etc.

At this point you are presumably expecting me to burst forth into angry insistence that the way it used to be is the One True Way and that the current state of affairs is The Worst Thing Ever. And if you have a very good memory, you probably recall that in an earlier phlog entry ("Web apps are houses built on sand") I said some unequivocally positive things about web apps (i.e. Javascript programs) providing a cross-platform development environment, and are wondering if this is the entry in which I reveal myself to be a hypocrite.

Well, not quite. Web apps *are* nice in a lot of ways, for many applications. My primary beef is not so much that the computational capacity of the browser as a platform has increased, but that this capacity is used indiscriminately and irresponsibly.

Let's go back to our hypothetical (probably not too wrong) Primordial Browser that renders HTML 1.0 and puts text and graphics on a page with relatively minimal flair, and let's assume that it's running on a modern high-speed internet connection. This browser has a lot of nice properties, but perhaps what it boils down to is a complete lack of surprise. When you click on a link in this browser, you can fairly well assume that:

* Your CPU usage will increase a little, but not too much, for a fairly brief time (i.e. a few seconds).
* Your RAM usage will do the same.
* In general, the consequences of your clicking, in terms of resource consumption, will be minimal and short-lived.
* It is incredibly unlikely that your browser will crash during this time.
* The entity hosting the website you clicked a link to will learn nothing about you beyond the information your browser inserts into the headers of its HTTP request.

If the browser has been written by smart people, is well tested and has been debugged, then the above are true even if the HTML of the page you clicked a link to has been written by people who would really rather they were not true, or by people who do not know what they are doing. The narrow scope of the browser's capabilities presents a very small "attack surface" to either malicious or well-meaning but incompetent webmasters. Because there is no possibility of surprise, there is no requirement for trust.
You can click around with abandon, because what's the worst that could happen?

Compare this to the situation that actually obtains today. On a machine with a Core i5 or i7 CPU and multiple gigabytes of memory it is not only entirely possible but a *far from rare* occurrence for a website to cause CPU usage to spike to nearly 100% and stay there long enough for a laptop's fans to kick in at high speed. Memory consumption for long-running browser processes is measured in hundreds of megabytes if not gigabytes. Browsers can feel quite sluggish and slow to respond to user input, and a single very busy website can bring a system to its knees, at least temporarily.

Even if a website seems to be fast and responsive, the real truth is that you have no idea what it's actually doing. I recall reading at one point about a browser history sniffing exploit where a website could learn which other sites you had visited by virtue of the behaviour of browsers whereby visited links are coloured purple rather than blue - evidently Javascript provides the ability to interrogate the browser about the colour of various elements in the document. This is an example of a website harming a visitor through an unexpected consequence of a capability there is no compelling reason for the browser to expose in the first place. In short, there is tremendous scope for surprise, and thus you are necessarily placing a great deal of trust in the entity behind every page you visit.

I would argue that fast, resource-light and trust-free browsing is A Good Thing. Unfortunately, it is basically a relic of a bygone era, because these days 99% of websites are laden with superfluous Javascript and advanced HTML features, even when these are not at all required to achieve the goal. In essence, I would argue that acting like a modern browser is necessary and acceptable for websites which are obviously applications -- which *need* to be applications in order to do what they say on the tin -- but for all other sites we should demand behaviour as was seen in simpler times.

All well and good, but can we ever hope to actually see this? Probably not, but indulge me.

The web-design community has an excellent track record when it comes to convincing people to care deeply about what many might consider irrelevant, abstract, ideological nonsense. Just you try and use <table>s for layout in 2017. The web-design community will crucify you. And not because doing the layout with CSS is easier (it bloody well isn't), or because it loads faster or looks better. It's because that would make the mark-up non-semantic. This is a remarkable achievement. A group of people who at the end of the day are doing a job to put bread on the table made one another care deeply about some abstract principle which is literally invisible to their clients. The same goes for writing HTML or CSS which validates according to the W3C specs, which was once upon a time an important enough mark of virtue for a web designer that people (myself included) put little badges on our websites when we got it right.

Could this same capacity for self-regulation be used for great justice? Imagine an alternate world in which every webpage had to explicitly tell the browser what kind of a page it was (via a specific DTD, or some new element inside of <head>) - "I am a full blown webapp", or "I am just a dumb ol' document", or something in between.
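Purely as an illustration - and to be clear, every name below is invented for the purpose, nothing like it exists in any real spec - the declaration could be as small as a single element that the browser reads before it commits to anything else. A minimal sketch in TypeScript:

    // Hypothetical markup, made up for this sketch:
    //
    //   <meta name="page-class" content="document">
    //
    // The browser reads this before doing anything else with the page.
    function declaredPageClass(doc: Document): string {
      const meta = doc.querySelector('meta[name="page-class"]');
      // A page which declares nothing gets treated as a plain document.
      return meta?.getAttribute("content") ?? "document";
    }

The point being that the page states up front what it is, and silence means the dumbest possible thing.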
And imagine that this was not just some idle declaration of intent, but more like a binding request for the browser to grant the page a certain set of permissions (think of the way permissions give Android apps fine-grained access to the phone's capabilities - but don't think about it too hard, because it's terribly done, e.g. there is no culture of developers striving for the least permissions possible, nor of users demanding this, and no means for the user to deny individual permissions an app wants with the understanding that some features may not work). A webpage which declares itself to be just a document can execute no Javascript (or perhaps some very, very minimal subset of JS), whereas one which declares itself a full blown app may. Perhaps there are 5 points on a scale between these two extremes.

Imagine that this system not only existed, but that web designers made one another care about it, so that declaring a webpage which tells residents of a particular council which day of the week they can put their recycling out for collection to be a full-blown web app would get you ostracised the same way using tables for layout would. Imagine if websites demanding the highest level of permission caused the browser to ask the user if they were sure about visiting them, unless they were served from a small list of whitelisted domains.

Imagine if browser developers wrote totally separate rendering engines for each of the five permission levels, optimising each engine for its specific set of capabilities. The simplest engine would make it totally impossible for a tab displaying a page rendered by it to consume more than 5MB of RAM, and would perform zero computations after the initial parsing and rendering. The simplest engine would be so simple that individual humans could read and understand all the source code in a few days. It could be audited very carefully for security vulnerabilities.

In the same way that demoscene coders pride themselves on getting very old hardware with limited computational power to generate amazing spectacles of vision and sound, some web designers might get very competitive about making sites which looked beautiful even though they used only the lowest or second-lowest level of permissions.

Such a scheme would not only alleviate the resource-devouring, security and privacy problems of the modern web, but it might also force webmasters to exercise some basic courtesy. Auto-playing videos, for example, would only be available to pages declaring themselves to be in the highest or second-highest permission tier.

This is a very appealing vision, to me at least, but I don't expect it to ever happen. The internet is, by and large, funded by the commercial spoils of surveilling everybody on it, and this scheme would curtail that surveillance substantially. But we *could* have built this...
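For whatever it's worth, here is a toy sketch, in TypeScript, of how little machinery the browser's side of the bargain would actually need. Everything in it is invented for illustration - the tier names, the permission fields, the numbers - and it is a thought experiment, not a proposal:

    // Hypothetical permission tiers, dumbest to fullest. All names invented.
    type PageClass = "document" | "styled" | "form" | "interactive" | "webapp";

    // What each tier is allowed to do. Purely illustrative.
    interface Grant {
      scripts: boolean;     // may run Javascript at all
      network: boolean;     // may make requests after the initial page load
      storage: boolean;     // may persist data to the user's disk
      autoplay: boolean;    // may auto-play audio or video
      memoryCapMB: number;  // hard ceiling enforced by the rendering engine
    }

    const TIERS: Record<PageClass, Grant> = {
      document:    { scripts: false, network: false, storage: false, autoplay: false, memoryCapMB: 5 },
      styled:      { scripts: false, network: false, storage: false, autoplay: false, memoryCapMB: 10 },
      form:        { scripts: true,  network: false, storage: false, autoplay: false, memoryCapMB: 25 },
      interactive: { scripts: true,  network: true,  storage: false, autoplay: true,  memoryCapMB: 100 },
      webapp:      { scripts: true,  network: true,  storage: true,  autoplay: true,  memoryCapMB: 1000 },
    };

    // Origins the user has decided to trust with the top tier.
    const WHITELIST = new Set<string>(["webmail.example", "maps.example"]);

    // The "binding request": honour the declared class, but only hand out the
    // top tier to whitelisted origins or with the user's explicit say-so;
    // otherwise fall back to treating the page as a dumb ol' document.
    function grant(declared: PageClass, origin: string, userApproves: () => boolean): Grant {
      if (declared === "webapp" && !WHITELIST.has(origin) && !userApproves()) {
        return TIERS.document;
      }
      return TIERS[declared];
    }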