FRESH

Hacker News

Arcan Explained – A browser for different webs

41 points by walterbell

by walterbell

0 subcomment

2015 intro, https://www.youtube.com/watch?v=07nqZIFRDJg

  The idea behind Arcan was to find the crunchy middle between a display server, a game engine and a multimedia processor. The control plane to this [BSD] “desktop engine” was designed for a scripting API targeting entry-level developers. Lua remain as the weapon of choice for that role as a better follow up to the ‘BASIC’ of the home computer era..

 Static.. means that the compiled app is not capable of loading code outside of its own package, except for a set of preset helper scripts.. user controlled opt-in rather than an opt-out as in “install extension to disable javascript”.. security model comes from a combination of least-privilege and capabilities. “Decode” is security wise the most sensitive one as that is where parsing of untrusted inputs go. “Encode” is privacy wise the most sensitive one as that is where the real ‘you’ distil into digital form.

by theamk

1 subcomments

This post would benefit greatly from using common terminology, or with some specific comparison to existing technologies. This article implies Arcan will fix the problems with the existing web, so giving a few examples of problematic Web behavior and how Arcan would fix it would be great. Some cases I'd like to read about:
- User opens a very old website (arcan-site?) which uses very old versions of browser standards. (In regular web, this is handled by browsers painstakingly added compatibility and quirks modes.)
- User opens the very newest website, which uses all the latest website standards, including new video codec, new font and new text rendering effect. (In regular web, this would only happen once most clients update to the very latest version of the browser, and telemetry says enough clients have updated)
If the answer to the question above is "Arcan will use a different external client for each", then how will those clients be managed? Is there going to be a allow-list of video codecs and text renderers hardcoded into the browser? Or any site can specify any requirement, and browser will just go fetch it automatically on first visit? Or will there be a user prompt ("This site uses LALA.Image codec which is not installed. [download and install] [go back]")? Oh, and those codecs/renderers, are they all Lua, or a native code?
- User comes to an artistic website whose author thinks purple on red is a great color schema. In current web, I'd use "reader mode", or a custom UserScript if I plan to go to website often. What happens in Arcan - is this up to the "decode client"? What if the site author chose a "decode client" which has no such functionality?
- User comes to a hostile website, which contains content they want to read, but also 78 tracker scripts which send data to 9000 partners and a cryptominer. In the regular web, this is where adblockers shine - the tracker scripts are external, so they are easily blocked, plus they are "plugins" so they can go and mess with page's code. What happens in Arcan world? Arcan has no dynamic loader, so all those 78 tracker scripts and cryptominer will be bundled into main app during "compile package sign" process, and presumably obfuscated as well. Does Arcan browser has a place for adblock? Where in the layers does it live? If it lives in "decode client", can website author choose the client which has no adblock functionality?

by N_Lens

2 subcomments

What an unengaging and verbose article.