BYOND browser

ID:134093
 
Jul 1 2007, 8:18 am
This may overlap with other suggestions being discussed, but I'd like to post it plainly.

I'd like an option on the BYOND Pager to restrict the available of browser windows in games I join. The options I'd like to see are as follows:

Allow All or Deny All: Allow All is like current, where any game which requests a browser window gets it. Deny All blocks all browser requests; blocked browser procedures should probably return false instead of true, to let the programmer know that it has been blocked.

Blacklists/Whitelist: Allow All would still let you block certain games, and Deny All lets you introduce selective openings for games you trust.

Ask option: whenever a game asks to use a browser control, it asks you first. The dialog that asks for permission should include the option checkboxes "Always for this session" and "Always for this game".

Thanks!
Jul 1 2007, 9:20 am
This will make everything so much harder. :(

If your suggestion is implemented there should definitely be a new client proc that returns true or false depending on if a player has the browser allowed or not.

Then I can do this:

mob
   Login()
      if(!client.allowBrowser())
          src << "Paranoid much?"
          del(src)

Jul 1 2007, 9:44 am
No, no, no! Just because you've had a bad affair with another developer does not mean that all other developers should be alienated.

In fact, I have a suggestion of my own: I'd like an option which prohibits PirateHead from making "block these feature" posts. Y'know, just for the odd chance that Tom gets drunk, comes on the BYOND forums, reads one of your suggestions and signs a contract approving the feature.

You might as well ask BYOND Staff for you to be able to "allow all" or "deny all" resource files being downloaded to your computer. Who knows, perhaps someone will upload a trojan?

Fact is, all those programming languages, wether they're DM, C++, VB, D and even GMC allow for the developer to do some pretty malicious things. It's one of those things that defines such a language.

-- Data
Jul 1 2007, 11:28 am
They might as well just remove the browser altogether and replace it with a simple table-and-CSS-reading display control in 4.0.
Jul 1 2007, 11:29 am
They might as well just remove the browser altogether and replace it with a table-and-CSS reading control for 4.0. If people need to visit forums or help pages, they can send them a link.
Jul 1 2007, 11:59 am
In response to Foomer
Foomer wrote:
They might as well just remove the browser altogether and replace it with a table-and-CSS reading control for 4.0.

And lose all the functionality the browser can offer? Hell no.
I'd rather that they package it with Gecko so this fuzz about security vurnerabilities can stop.

-- Data
Jul 1 2007, 1:18 pm
In response to Android Data
Android Data wrote:
I'd rather that they package it with Gecko so this fuzz about security vurnerabilities can stop.

I'd love for that to happen, but have you ever looked into embedding Gecko? It's not easy, not even close to as easy as it is to embed IE. There's a reason you don't see many applications with Gecko built-in. The Mozilla Foundation has basically said it's not terribly interested in Gecko-as-a-platform any more, they're basically just concentrating on Firefox (and I guess Thunderbird, but not much).
Jul 1 2007, 5:29 pm
In response to nick.cash
nick.cash wrote:
Android Data wrote:
I'd rather that they package it with Gecko so this fuzz about security vurnerabilities can stop.

I'd love for that to happen, but have you ever looked into embedding Gecko? It's not easy, not even close to as easy as it is to embed IE. There's a reason you don't see many applications with Gecko built-in. The Mozilla Foundation has basically said it's not terribly interested in Gecko-as-a-platform any more, they're basically just concentrating on Firefox (and I guess Thunderbird, but not much).

They're forced to update the browser from IE4. They want to include AJAX into the browser to make it easier for the browser to interact with other controls correct? They can't use IE4 to do so. So, I bet they'll be updating the browser to something more modern. To what I can't say, but I've heard rumours.
Jul 1 2007, 5:50 pm
In response to Android Data
Android Data wrote:
No, no, no! Just because you've had a bad affair with another developer does not mean that all other developers should be alienated.

This does not take any freedom away from developers. Similarly to how I can (and do) block Flash and Java in my web browser, it would give users the freedom to choose what content they want their BYOND client to load.

You might as well ask BYOND Staff for you to be able to "allow all" or "deny all" resource files being downloaded to your computer. Who knows, perhaps someone will upload a trojan?

Right! Naturally, the only way to be completely safe from BYOND is to not run it at all!

You're missing the point. The browser is a possibly exploitable interface, and if users want to disable it for all but certain games, I don't see why that's anything like not having the browser even download any game resources.

Fact is, all those programming languages, wether they're DM, C++, VB, D and even GMC allow for the developer to do some pretty malicious things. It's one of those things that defines such a language.

That's wrong. BYOND is a sandboxed language, like Javascript and Flash. It is only given certain permissions, and it should not have the ability to do anything potentially harmful to the gamer's computer. This is part of what makes BYOND great and sets it apart from the others - because of sandboxing, you can be more trusting in which games you want to join. Flash games are popular for the same reason.

I think that any improvements to BYOND's sandboxing should be welcomed, not (wrongly) associated with restrictions on the programmer.
Jul 1 2007, 7:39 pm
In response to Tiberath
It goes on whatever version of IE the user has installed.
Jul 1 2007, 7:53 pm
In response to nick.cash
nick.cash wrote:
Android Data wrote:
I'd rather that they package it with Gecko so this fuzz about security vurnerabilities can stop.

I'd love for that to happen, but have you ever looked into embedding Gecko? It's not easy, not even close to as easy as it is to embed IE. There's a reason you don't see many applications with Gecko built-in. The Mozilla Foundation has basically said it's not terribly interested in Gecko-as-a-platform any more, they're basically just concentrating on Firefox (and I guess Thunderbird, but not much).

I investigated using Gecko last month. Implementing it correctly (where we have full control over the browser) is, as you say, quite difficult.

We can, however, embed an available third-party active-X implementation of a Gecko browser that simulates the IE web-control. I tested this and it works fine. The problems are that 1) some games currently rely on IE behavior-- we could either force them to update or run IE for old games. And 2) it requires distributing an extra 4MB file with the initial BYOND install, and tweaking the installer to setup the control. Since BYOND itself is < 3MB this is pretty annoying, but I suppose not the end of the world.

I'm considering this approach, not so much for security reasons but because the Gecko component renders HTML much more reliably and gets around some of the hacks we need for users with IE < 7; as Nadrew noted, in the current BYOND we just use whatever IE is installed on the user's machine, since the distributable is a behemoth.
Jul 1 2007, 10:17 pm
In response to PirateHead
PirateHead wrote:
This does not take any freedom away from developers. Similarly to how I can (and do) block Flash and Java in my web browser, it would give users the freedom to choose what content they want their BYOND client to load.

I'm already saddened that it's possible to disable JavaScript and thus any of the more interactive browser windows I open. Disabling the browser entirely is not what I had in mind for the next version of BYOND.

Right! Naturally, the only way to be completely safe from BYOND is to not run it at all!

Exactly, just like any other program you run.

You're missing the point. The browser is a possibly exploitable interface, and if users want to disable it for all but certain games, I don't see why that's anything like not having the browser even download any game resources.

A developer could send a trojan along with the game resources which an ignorant user may open, if they use the run() instruction on it. A developer might as well send 120 MB of resources just to piss the ignorant player off, who thinks the game is super-cool and they should just wait until it finishes downloading those resources.

A developer could also choose to attack hosts who host in "trusted" mode, or use hosts to participate in a (minor) DDoS attack.

Furthermore, a developer is able to show gross pictures to other players. (In 4.0 it is possible to output these in the output window.)

It's obvious that there are some malicious things a developer can do. Again, I say, this does not mean that other developers should be punished for their misbehavior.

That's wrong. BYOND is a sandboxed language, like Javascript and Flash. It is only given certain permissions, and it should not have the ability to do anything potentially harmful to the gamer's computer. This is part of what makes BYOND great and sets it apart from the others - because of sandboxing, you can be more trusting in which games you want to join. Flash games are popular for the same reason.

I think that any improvements to BYOND's sandboxing should be welcomed, not (wrongly) associated with restrictions on the programmer.

This isn't a wrong association. If players are allowed to block certain procs from executing, developers have less power, and thus restrictions.

I'd only accept your features if it came with the ability to determine wether they're enabled or disabled. Then I can do the same as Elation will do: kick paranoid people like yourself from my games.


I'm here to "build my own net dream", not to "battle my out-of-bounds new dreamseeker".

-- Data