Home Events! Entrance Everyone Wiki Search Login Register

Welcome, Guest. Please login or register. - Thinking of joining the forum??
November 24, 2024 - @476.13 (what is this?)
Forum activity rating: Three Stars Posts: 47/1k.beats ~ Boop! The forum will close in 524.beats! Unread Topics | Unread Replies | My Stuff | Random Topic | Recent Posts    Start New Topic
News: :happy: Open the all windows! Your mind needs storms and air! :happy:

+  MelonLand Forum
|-+  World Wild Web
| |-+  ✁ ∙ Web Crafting
| | |-+  Trust Among developers


« previous next »
Pages: [1] Print
Author Topic: Trust Among developers  (Read 1343 times)
RodFireProductions
Jr. Member ⚓︎
**


🍄🖤🐀

⛺︎ My Room
StatusCafe: rodfire8181
iMood: rodfire8181
Itch.io: My Games

View Profile WWW

First 1000 Members!Joined 2022!
« on: February 09, 2023 @639.94 »

Recently while making my own adopt iframe that people embed in their sites, I starting thinking about a certain level of trust developers must have with each other. Stuff like web gardens and Gifypet require you to embed a whole site page to your website that could be running any sort of code. I doubt many inspect those iframe pages to see what kind of code they're running before adding them to their site.

It's not even just the code part that could go wrong either. At anytime, those pages you're embedding could change without notice. They can be changed to something entirely different if the person who made them decides to.

Lighthearted example: One day you could have an adopt on your site; the next day it's a Rick Astley gif with code that spams all the song lyrics to Never Gonna Give You Up in your console.
Logged

we art, web dev, and game dev
Memory
Guest
« Reply #1 on: February 09, 2023 @696.79 »

That's why I don't embed anything from other sites on my site. They could change it to spyware, ads or a straight up virus any time.
Logged
Commodorn
Full Member ⚓︎
***


Major Dork

⛺︎ My Room

View Profile WWW

Participated in the 2023 Profile Design Contest!First 1000 Members!Mushroom MadnessMessage BuddyJoined 2023!
« Reply #2 on: February 09, 2023 @723.07 »

I kind of thought something similar when it comes to links specifically. There is still a possibility that someone can change their website that you've linked to something malicious or uh.. of bad taste.. but mutual trust happens to be a very important part of a strong and healthy community. Yes, someone theoretically can break that trust and probably will at some point (speaking generally, not just about links), but completely isolating yourself or your site from everyone who "could" ends up being way more harmful than taking the risk of putting trust into the ones around you. If everybody suddenly stopped linking and supporting eachother here, this community would probably collapse faster than cotton candy in a hot shower.

People that you feel are very likely to or obviously have ill intent are an exception, by the way- I'm just talking about people who "could" just because technically anything is possible.
« Last Edit: February 09, 2023 @731.70 by Commodorn » Logged

"Please, captain. Not in front of the Klingons."
Melooon
Hero Member ⚓︎
*****


So many stars!

⛺︎ My Room
SpaceHey: Friend Me!
StatusCafe: melon
iMood: Melonking
Itch.io: My Games

View Profile WWW

Thanks for being rad!a puppy for your travelsAlways My PalFirst 1000 Members!spring 2023!Squirtle!!!!MIDI WarriorMIDI Warrior1234 Posts!OzspeckCool Dude AwardRising Star of the Web AwardMessage BuddyPocket Icelogist!OG! Joined 2021!...
« Reply #3 on: February 09, 2023 @737.80 »

Welcome to the human condition :tongue:

You walk down the street every day and anyone could do anything! When I buy milk in a shop, I expect the shop keeper to put my cash in the register; but they could just as easily eat my cash and sing the star spangled banner!

Thankfully you can usually count on social norms, shared goals and a general desire to get along :grin: , and as Commodorn said; that trust is necessary for any community to exist.
Logged


everything lost will be recovered, when you drift into the arms of the undiscovered
glacial_pace
Casual Poster
*

⛺︎ My Room

View Profile

First 1000 Members!Joined 2023!
« Reply #4 on: February 09, 2023 @789.84 »

i think if youre using iframes for other people's sites you definitely should be disabling JS execution with the "sandbox" attribute:

https://stackoverflow.com/a/16868813

other than that, yeah i mean if they've got some form or something else in the iframe, that's obviously just bad ethics
Logged
Memory
Guest
« Reply #5 on: February 10, 2023 @359.09 »

I don't think that issue has that much to do with trust. Site hosters get hacked, so site become malicious, it happens. This web garden looks nice and dandy, but maybe a static image of the sites and a "report" button would be enough against that security nightmare of Frames or Iframes.

Travelling across the internet without some kind of script blocker is a whole nightmare in itself!
Logged
Memory
Guest
« Reply #6 on: February 10, 2023 @480.10 »

Travelling across the internet without some kind of script blocker is a whole nightmare in itself!
Except if you only visit websites that support that. =3
Logged
brisray
Sr. Member ⚓︎
****


⛺︎ My Room

View Profile WWW

RocketmanFirst 1000 Members!Joined 2023!
« Reply #7 on: February 11, 2023 @972.40 »

The web is a risky place, but it always has been. It was common even in 1990s to find tech forums (usenet newsgroups) where the advice given to unwary users who had computer problems was to find system32 in the Windows directory and delete it. Or install something like a renamed DeleteAll - a utility used to wipe disks - and type something like "myfriend -nv *.*" 

The -nv switch or whatever it was meant non-verbose and users had no warning at all what was happening except for a lot of disk activity as every file was being deleted and overwritten so it couldn't be recovered. The program was a TSR (terminate and stay resident) so it could even delete itself from the disk.

Open source is supposed to be safe because everyone can look at the source code and inspect it. But how many want or can look through code and see what's happening? The Ubuntu kernal has 30 million lines of code in it! Anyone remember Heartbleed? The vulnerability was in OpenSSL for years, unfortunately the bad guys found and used it before the good guys knew it was there.

Linkrot is an odd thing. Loads of sites go offline everyday so links stop working. The worst to find automatically are ones that have been repurposed as they still give a valid server 200 (OK) response. The funniest I saw was on a college site I was rewriting. One of the links was supposed to go to some academic site but the domain had changed hands and went to a Japanese porn site instead.
Logged
RodFireProductions
Jr. Member ⚓︎
**


🍄🖤🐀

⛺︎ My Room
StatusCafe: rodfire8181
iMood: rodfire8181
Itch.io: My Games

View Profile WWW

First 1000 Members!Joined 2022!
« Reply #8 on: February 12, 2023 @154.81 »

Quote
i think if youre using iframes for other people's sites you definitely should be disabling JS execution with the "sandbox" attribute:
One, I think that's really cool. I didn't know you could do that. Two, that kinda takes the way the whole point why certain things are iframes. For example, Gifypet needs JavaScript to run. Your pet wouldn't work if you disabled JavaScript.

Quote
That's why I don't embed anything from other sites on my site.
Also speaking of Gifypet, I do find it interesting that you say this even though you have one on Libre.Town's home page. Though, I assume that's because Melon is seen as a trusted individual/friend. (p.s. Your pet is really cute)

Quote
I kind of thought something similar when it comes to links specifically. There is still a possibility that someone can change their website that you've linked to something malicious or uh.. of bad taste.. but mutual trust happens to be a very important part of a strong and healthy community.
Yeah, this is basically the reasons I'll link to people and use their iframes. A community built on distrust isn't a community; plus, I typically don't assume malicious intention from people without reason. I'd personally like to believe that most people don't create shareables with ill intent, though I do understand the worry and reality.

This is kinda why with my own iframe-ables I've created, JavaScript isn't necessary for them to look good and work. Yeah, certain customization might not be there but it'll still work. I personally roam the web with JavaScript enabled, but I know there's people that don't so I try to accommodate that when I can.

Quote
This web garden looks nice and dandy, but maybe a static image of the sites and a "report" button would be enough against that security nightmare of Frames or Iframes.

Travelling across the internet without some kind of script blocker is a whole nightmare in itself!
I dunno, I feel like the whole point of web gardens it to be interactable; that's what makes them unique to other shareable / adoptable things like Teeny Towers. I could see a separate option where it's plain HTML and CSS code blocks you share instead though.
Logged

we art, web dev, and game dev
Memory
Guest
« Reply #9 on: March 23, 2023 @405.13 »


Open source is supposed to be safe because everyone can look at the source code and inspect it. But how many want or can look through code and see what's happening? The Ubuntu kernal has 30 million lines of code in it!


... thousands and thousands of people? The Linux kernel is the most documented and studied piece of software around. It's certainly better than having nothing to look at.
Logged
Pages: [1] Print 
« previous next »
 

Vaguely similar topics! (1)

Linux gaming, when developers won't cross platform.

Started by Icey!Board ♖ ∙ Video Games

Replies: 10
Views: 2768
Last post July 05, 2022 @855.67
by Memory

Melonking.Net © Always and ever was! SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies Forum Guide | Rules | RSS | WAP | Mobile


MelonLand Badges and Other Melon Sites!

MelonLand Project! Visit the MelonLand Forum! Support the Forum
Visit Melonking.Net! Visit the Gif Gallery! Pixel Sea TamaNOTchi