WingNews logo WingNews
top | item 46615371

(no title)

azertify | 1 month ago

I think that Ladybird has driven a lot of the effort, otherwise we'd just see browsers continuing to use Chromium with backports to allow v2 being worked on.

Ladybird was already progressing rapidly within SerenityOS well before it was officially launched, and I think that's given people a new inspiration for how plausible it is to create a browser from scratch. I'm really pleased we're seeing Servo having a resurgence too.

discuss

order

p-e-w|1 month ago

It’s indeed rapidly progressing feature-wise, but I have yet to see an explanation for how they intend to manage security once market adoption happens.

Ladybird is written in C++, which is memory-unsafe by default (unlike Rust, which is memory-safe by default). Firefox and Chrome also use C++, and each of them has 3-4 critical vulnerabilities related to memory safety per year, despite the massive resources Mozilla and Google have invested in security. I don’t understand how the Ladybird team could possibly hope to secure a C++ browser engine, given that even engineering giants have consistently failed to do so.

jsheard|1 month ago

> Firefox and Chrome also use C++, and each of them has 3-4 critical vulnerabilities related to memory safety per year, despite the massive resources Mozilla and Google have invested in security.

And part of Firefox/Chromes security effort has been to use memory safe languages in critical sections like file format decoders. They're far too deeply invested in C++ to move away entirely in our lifetimes, but they are taking advantage of other languages where they feasibly can, so to write a new browser in pure C++ is a regression from what the big players are already doing.

torginus|1 month ago

I just checked out Servo, and like all browsers it has a VERY large footprint of dependencies (notably GStreamer/GOject, libpng/jpeg, PCRE). Considering browsers have quite the decent process isolation (the whole browser process vs heavily sandboxed renderer processes), I wonder how tangible the Rust advantage turns out to be.

binary132|1 month ago

Ladybird is going to use Swift.