| ▲ | pdpi 6 hours ago | |||||||
Software engineers at large would benefit from playing World of Warcraft, and seeing the ongoing fight between Blizzard and add-on authors. WoW's whole UI is built in the same Lua environment as add-ons, and Blizzard has implemented some interesting restrictions (like the taint system[0]) to prevent add-ons from completely automating gameplay. 0. https://wowpedia.fandom.com/wiki/Secure_Execution_and_Tainti... | ||||||||
| ▲ | Groxx 5 hours ago | parent | next [-] | |||||||
Thanks! I've been meaning to read up on taint systems, looks interesting :) I'm somewhat convinced that taint-influenced capabilities is a good future model to pursue. Computers are fast, I'm fairly confident that it chould be done at whole-computer scale and still be reasonable... though probably not with a million electron apps. Which is likely a good thing in aggregate (I say as a fan of web tech and the very compelling features such things offer. Great for minor or PoC, not for major pieces of software). | ||||||||
| ▲ | AlienRobot 6 hours ago | parent | prev [-] | |||||||
World of Warcraft is one of the most popular MMO's ever made. You simply can't expect every software that wants a plugin system to have the same security practices as the most used software in the world. In fact, there are many reasons why you might want a plugin to have full filesystem and internet access, such as batch processing or simply adding things directly from webpages. Sandboxing this will just make plugins less useful. In the end it's a problem of trust. You're installing software from untrustworthy developers because you trust the name of the application those plugins are associated with. You could fix the problem in Obsidian, but the same problem will happen in other software. Some of which simply can't justify bothering with sandboxing plugins. This is just the way plugins are. | ||||||||
| ||||||||