Of browsers and sausages

Posted by on Mar 18 2020, in asylon

“Je weniger die Leute wissen, wie Würste und Gesetze gemacht werden, desto besser schlafen sie!” (the less people know how sausages and laws are made, the better they sleep at night!) – Otto von Bismarck

Your web browser may be most complex piece of software on your computer. The original web browser to render html/txt from remote servers: pretty simple. That was 20 years ago. Think about what browsers can do today:

  • Render 3D graphics – with webGL you can have a 3D engine in your browser. You can play all sorts of games and view 3D online today.
  • Trivial to access your computer. You can drag and drop files directly into browser to upload them. Your webcam can be used in your browser for web conferencing.
  • Steaming Multimedia – this was always pretty clunky in the old days (usually) involved downloading files. Today streaming is the standard fair on the internet.
  • Geolocation – Browsers can detect your location – think all the online map tools you use.

Browsers can manage memory, hardware, and almost all the computing processes that an operating system (Windows, IOS, Android) can do.

To show how complex browsers have become, developer downloaded all the specifications for web standards, of which browsers face the brunt of the coding. In his article The reckless, infinite scope of web browsers, Drew Devault counted over 100 million words required by the specifications. He stated that:

I conclude that it is impossible to build a new web browser. The complexity of the web is obscene. The creation of a new web browser would be comparable in effort to the Apollo program or the Manhattan project.

Another developer, Casey Muratori, discusses how the duopoly of operating systems (Windows/Mac for desktops, Android/IOS for mobile) had led to less than optimal results for software:

In all cases, they are maintained by companies whose revenue does not primarily come from the sale of operating systems, and who have many incentives to pursue other goals that delivering the most stable, reliable, trustworthy experience. The operating system is never a product anymore — it is merely something users are forced to use based on the hardware they have chosen, and it is increasingly treated solely as a vehicle for pursuing the platform holders’ other business goals.

Our browser has morphed from a simple html renderer to a multi-tool we use for our lives. What are the consequences for using such a complex piece of software?

Less competition – Independent browser makers can not compete with the complexity. Apple and Google’s ecosystem make it very difficult to compete

More software vulnerabilities – Devault cites that there are over 8000 common vulnerabilities and exposures (CVE) for browsers such as Firefox, Chrome, Safari and IE. The more complicated the code, the more likely it can get exploited. This is a step away from Unix Philosophy axiom stating: Do one thing, and do it well.

Privacy is a second class citizen. Many of the default features of Firefox allow ‘digital breadcrumbs’ to be sent back to servers, other features allow disabled of certain functions (eg allowing sites to disable right mouse click).

A user on Github named 0XDE57 has compiled a large list of of under-the-hood features in the About:Config section for Firefox, some that may break certain websites. However, many of these can give you back some degree of control over your browser.

Another software programmer Andrew Chase compiled a list of modifications for Chrome and Firefox on Github, which is listed on github as well.

Closing thoughts.

Complexity isn’t necessarily a bad thing, however it does make obfuscation easier. The average user will not care how their browsers works, so long as it works.

Going back to Bismarck’s comment – the less you know, the better you can sleep. While some sleep may be lost knowing what your browser is doing under the hood, we should perhaps use that insomnia for making better software.