Re: nspluginwrapper and libflashsupport updates for adobe-flash-plugin

[Swift Griggs <swiftgriggs%gmail.com@localhost>]

On Fri, 30 Oct 2015, J. Lewis Muir wrote:
> More like it's a real shame that the people that write the browsers 
> can't write secure code.

Well.... good point. That too. It's all a matter of perspective, I 
suppose.

> Related to this, it's a real shame that the Web specs are so complicated 
> that it adds to the difficulty of writing secure code.

  IMHO, this is where the really tough problems lie. The W3C and others 
seem to feel like they have to bow to corporate pressure and constantly 
keep their standards "updated". Of course that makes maintaining a browser 
a herculean effort. I suppose they think that if they didn't someone like 
Microsoft might propose a new spec and supersede them. Plus, the hordes of 
people who want the web to be as "produced" as possible would scream 
bloody murder if someone dares utter that HTML 1.1 seemed far better in 
some significant ways. Yes, there were lots of improvements post-1995 that 
made HTML work better, but there was just as bloat as lean muscle in those 
subsequent specs.
  This "new" internet smells less like a lab or an engineering shop and 
rather a lot more like a corporate suburban strip mall. Fortunately, there 
is enough bandwidth to spare these days that Luddite curmudgeons like me 
can still exist in the margins, surviving off discarded crumbs of W3C and 
other now captured corporate committees.
  I find myself using Elinks, Dillo, Amaya, and other alternative browsers 
that deal with CSS and javascript by either not doing it, or stripping 
down their functionality. Yes, a lot of the web looks bad that way. I 
guess it's a good thing that I care more about the content and I'm so 
shockingly unconcerned with what they look like.

> And it's a real shame that a lot of Web content is malformed, yet we 
> expect the browsers to handle it anyway.

  True. Of course, if you are making a web browser, the last thing the 
user wants to see is a pop up saying "The person who made this web page 
didn't know what they were doing. Sorry." then a blank screen or a 
misrendered/fried page. Also, I'd go one step further and say that a 
significant amount of the code in pages we see these days are actually 
partially malicious and trying to establish greater and greater levels of 
surveillance over their visitors (cookies, ghost cookies, malicious JS 
code, etc... ). It might not technically be a "virus" but it's certainly 
not working in the user's best interest. So, broken/malformed content 
isn't even the biggest concern, unfortunately.

-Swift