
@zedd45
Last active August 29, 2015 14:23
Doug's Talk on what comes after HTML

Talk 9: Douglas Crockford: Security

History

  • with diskdrives, we have programs sharing the same spaces, so passwords appear
  • shared time on a processor is next
    • prevents access to other users
    • ensures the CPU time is "paid for"
  • As the web grows, humans cannot remember their passwords
    • RFC 1738 (1994) - describes URLs & use of passwords in URL
      • sent in cleartext!
      • aware this is a problem
      • "clearly unwise"
        • massive understatement

What's Wrong

  1. it's insecure
  2. it's complex
  • complexity => insecurity
  • brilliant in being decentralized and the initial web was very simple
  • W3C cannot remove any complexity / standards, but they can only "add bugs"

http

  • container for Key: Value pairs
  • negotiation - browser & server agree on formats to exchange
  • req / res protocol
    • http req one thing, blocks, then req another
    • added channels, which adds complexity

DNS

  • convenience for ugly, unmemorable numbers (IP)
  • trademark issues
  • not trustworthy (attacker can force redirect)

SSL

  • so complicated we still don't have it working correctly

CAs (Certificate Authorities)

  • can be verified offline
    • was this desirable? if we're not online, why check this?
      • needless complexity
  • "I don't trust them."
  • Verisign just accepted money to issue a cert
    • hacked
    • lied about being hacked
    • issued bogus certs
  • hundreds of other CAs
    • browser trusts all of them equally

HTML

  • complex
    • thus came MarkDown
  • SPAs: also terrible. not designed to do this at all
  • we've spent decades learning how to use this effectively
    • it's amazing we've been so successful

Templating

  • I hate it for 3 good reasons
    1. where XSS comes from (handlebars)
    2. everything becomes HTML - Layer Leakage
    3. "It's a Trap" - if everything is focused on making HTML, we'll never be free

DOM

"worst API ever invented"

CSS

  • crappy style sheets
  • designed to do technical documents
  • amazing we made it work, but that's not what it was for

JavaScript

  • hot mess. getting messier.
  • good parts in ES15, might be some in ES16 even.
  • keeps getting bigger and bigger
  • "there is a good language inside of this language"
  • "I'm hoping one day we'll get rid of JS, b/c I'm really tired of JS"
    • "it's still better than everything else"
    • many have tried
      • MS, Apple, Adobe, Oracle, and more (Google! DART!)
      • tech was much better
      • most cases, closed system
      • there was no transition plan

Upgrade the web

  • I don't want to replace it, I don't want to capture it
  • I want to keep the things it does well
  • my model is based on HDTV vs SDTV
  • NTSC: "Never Twice the Same Color"

HDTV

  • if TV goes out, riots will happen
  • FCC and Supreme Court were even involved
  • set top box was something on top of your analog TV

Helper App = set top box

  • if given a URL you can pass to another application (think itunes links)

Transition Plan

  1. Convince one progressive browser vendor to integrate this helper app
  2. Convince one secure site (FI) to require its customers to use this browser
  3. Risk Mitigation will compel other secure sites
  4. Competitive pressure will compel other browser vendors
  5. The world will follow for improved security & faster application development
  6. nothing breaks! (No changes at all to current HTML.)

Strong Crypto

  • ECC 521
  • AES 256
  • SHA-3 256

Zooko's Triangle - Naming

  1. human meaningful
  2. securely unique
  3. global: decentralized

IDs

  • ECC521 public keys as unique ids
  • guaranteed unique

Secure JSON over TCP

  • blobs over the wire will go really fast
  • req / res cycle will break, so we don't have to wait for that loop
    • can send messages and receive data and no need to wait

scheme

web: publickey @ipaddress / capability

trust management system / PetNames

  • keeps creds & relationships in cloud in some secure way
  • avail across devices
  • pet names - friendly name

Vat

  • model for computation.
  • nothing gets in / out except for the correct containers
  • much stronger than sandbox - no leaks
    • "if you have a cat like I do you don't like that"
  • each party gets its own vat for even a single application
    • can't corrupt or confuse each other
    • exchange JSON messages
  • "cooperation under mutual suspicion"
    • I have a hard time trusting things; with this model I don't have to
    • I put your code in a vat and don't worry it can only do what the API does

JavaScript Message Server

  • probably node js
  • two problems
    • way overspecialized for HTTP
    • I have much higher security requirements than Node does
  • Qt (cute)
    • dev'd in Norway
    • just the visual presentation and interaction
    • no access to file system or network
  • Vat has access to FS and Network, but not display

the old web: promiscuity

the new web: commitment

In the meantime, keep doing what you are doing

Follow Up

I don't see value in type systems. The best one is in Haskell. I find I'm more productive with just plain old JavaScript. Turns out if you were raised in Java and you can't think functionally, then it's a good thing for you. Functions are so much more expressive. Classical programmers will go to their graves never knowing how miserable they were.

I'm not saying type systems have no value, but there is not enough value yet
