Chromium grows by over 10,000 lines of code per day.

How often do you think security vulnerabilities are introduced at that pace?

How do we write secure software? Is it by writing giant applications with endlessly growing scope? Here's another idea: set a finish line and fucking stop when you get there. And don't make software which does everything in the first place.

It's said that on average there are 15-50 bugs per 1,000 lines of code

@sir can I see where you got that data?

@a7 quora post gives a number from 2012, openhub gives a number for today, interpolated between them and rounded down to 10K to compensate for errors

@sir I saw 600 thousand removals and 614 thousand additions for the week, which suggests a lot of changes, and there's no telling how many of those 14 thousand lines are comments. So that comes out to 2000 lines a day at most just for the week... which is still a lot but not 10,000 a day

@a7 34,882,169 today, 5,448,668 in 2012. In the 6 years in between... shit, 7 years... *redoes the math*, that's 29,433,501 LoC, or 4,204,785 per year. Over 365 gives 11,519.

@sir I often think about a talk by Jack Diederich where he says "I hate code and I want as little of it as possible in our product. We don't ship code, we ship features, and our customers don't care how much code we have".

I think that's a mantra that all developers should have in mind.

@kungtotte even that mode of thought is flawed. Customers don't want features, they want their problem solved.

@sir @kungtotte
Marketing sells software by implying that the features will solve their problems. FOSS buys into it uncritically more often than not

@sir that's a fair point. I tend to think of features as the set of things that makes it do whatever it needs to do in order to solve the problem and not make life harder for the user. Not "things a marketing department uses to sell the product".

@sir systemd-browserd and systemd-electrond will make this all so much better!

@sir
Since all the top browsers suffer from some degree of scope creep, I have to wonder if the problem is systemic, and not isolated to one vendor.

Keeping in mind that every wrong decision is based on some amount of legitimate reasoning, why do our browsers grow in complexity at such a quick pace? Is it possible to build a browser with a "finish line" in our modern ecosystem? What would need to happen for that to be feasible?

@pcrock @sir
the web standards would need to settle instead of being endlessly growing "living standards"

@Wolf480pl @pcrock @sir
honestly, web browsers grew to be so important that they might be >the< piece of software that justifies using formal proofs of correctness.

@glaurungo @pcrock @sir
that's an interesting way to make sure they stop growing new features

@kai
Ha, sorry, sometimes I forget that thinking and ranting are mutually exclusive activities.

@sir what could possibly even need to be improved that much? it sounds like a massive busywork project.

@sir while I agree with the sentiment (and i certainly do not trust Chrome to lead the advance of the state of the web) there is a historical precedent for setting a finish line for the progress of the web, and it's Internet Explorer 6

@sir
so much for the Unix philosophy. what features are they even adding?

@georgia @sir they're implementing the quadrillion of useless things that are constantly getting into the HTML/JS/CSS specifications probably

@sir

While this is true and it's legitimately a problem, there's a reason this is happening: the capabilities of browsers are ever-expanding. With the introduction of everything from WebAssembly to WebVR to the gamepad API and more, the actual scope of what a browser does is ever increasing. To halt the expansion of vulnerabilities the expansion of features needs to be curtailed.

Really, that's a harder sell than it would seem to be.

@sir
Don't you get it? -> chrome is an OS on an OS.

It can do everything from one program