Trust Among developers

[RodFireProductions]

Recently while making my own adopt iframe that people embed in their sites, I starting thinking about a certain level of trust developers must have with each other. Stuff like web gardens and Gifypet require you to embed a whole site page to your website that could be running any sort of code. I doubt many inspect those iframe pages to see what kind of code they're running before adding them to their site.

It's not even just the code part that could go wrong either. At anytime, those pages you're embedding could change without notice. They can be changed to something entirely different if the person who made them decides to.

Lighthearted example: One day you could have an adopt on your site; the next day it's a Rick Astley gif with code that spams all the song lyrics to Never Gonna Give You Up in your console.

[Guest]

That's why I don't embed anything from other sites on my site. They could change it to spyware, ads or a straight up virus any time.

[Commodorn]

I kind of thought something similar when it comes to links specifically. There is still a possibility that someone can change their website that you've linked to something malicious or uh.. of bad taste.. but mutual trust happens to be a very important part of a strong and healthy community. Yes, someone theoretically can break that trust and probably will at some point (speaking generally, not just about links), but completely isolating yourself or your site from everyone who "could" ends up being way more harmful than taking the risk of putting trust into the ones around you. If everybody suddenly stopped linking and supporting eachother here, this community would probably collapse faster than cotton candy in a hot shower.

People that you feel are very likely to or obviously have ill intent are an exception, by the way- I'm just talking about people who "could" just because technically anything is possible.

[Melooon]

Welcome to the human condition 

You walk down the street every day and anyone could do anything! When I buy milk in a shop, I expect the shop keeper to put my cash in the register; but they could just as easily eat my cash and sing the star spangled banner!

Thankfully you can usually count on social norms, shared goals and a general desire to get along  , and as Commodorn said; that trust is necessary for any community to exist.

[glacial_pace]

i think if youre using iframes for other people's sites you definitely should be disabling JS execution with the "sandbox" attribute:

https://stackoverflow.com/a/16868813

other than that, yeah i mean if they've got some form or something else in the iframe, that's obviously just bad ethics

[Gans]

I don't think that issue has that much to do with trust. Site hosters get hacked, so site become malicious, it happens. This web garden looks nice and dandy, but maybe a static image of the sites and a "report" button would be enough against that security nightmare of Frames or Iframes.

Travelling across the internet without some kind of script blocker is a whole nightmare in itself!

[Guest]

Travelling across the internet without some kind of script blocker is a whole nightmare in itself!

Except if you only visit websites that support that. =3

[brisray]

The web is a risky place, but it always has been. It was common even in 1990s to find tech forums (usenet newsgroups) where the advice given to unwary users who had computer problems was to find system32 in the Windows directory and delete it. Or install something like a renamed DeleteAll - a utility used to wipe disks - and type something like "myfriend -nv *.*" 

The -nv switch or whatever it was meant non-verbose and users had no warning at all what was happening except for a lot of disk activity as every file was being deleted and overwritten so it couldn't be recovered. The program was a TSR (terminate and stay resident) so it could even delete itself from the disk.

Open source is supposed to be safe because everyone can look at the source code and inspect it. But how many want or can look through code and see what's happening? The Ubuntu kernal has 30 million lines of code in it! Anyone remember Heartbleed? The vulnerability was in OpenSSL for years, unfortunately the bad guys found and used it before the good guys knew it was there.

Linkrot is an odd thing. Loads of sites go offline everyday so links stop working. The worst to find automatically are ones that have been repurposed as they still give a valid server 200 (OK) response. The funniest I saw was on a college site I was rewriting. One of the links was supposed to go to some academic site but the domain had changed hands and went to a Japanese porn site instead.

[RodFireProductions]

i think if youre using iframes for other people's sites you definitely should be disabling JS execution with the "sandbox" attribute:

One, I think that's really cool. I didn't know you could do that. Two, that kinda takes the way the whole point why certain things are iframes. For example, Gifypet needs JavaScript to run. Your pet wouldn't work if you disabled JavaScript.

That's why I don't embed anything from other sites on my site.

Also speaking of Gifypet, I do find it interesting that you say this even though you have one on Libre.Town's home page. Though, I assume that's because Melon is seen as a trusted individual/friend. (p.s. Your pet is really cute)

I kind of thought something similar when it comes to links specifically. There is still a possibility that someone can change their website that you've linked to something malicious or uh.. of bad taste.. but mutual trust happens to be a very important part of a strong and healthy community.

Yeah, this is basically the reasons I'll link to people and use their iframes. A community built on distrust isn't a community; plus, I typically don't assume malicious intention from people without reason. I'd personally like to believe that most people don't create shareables with ill intent, though I do understand the worry and reality.

This is kinda why with my own iframe-ables I've created, JavaScript isn't necessary for them to look good and work. Yeah, certain customization might not be there but it'll still work. I personally roam the web with JavaScript enabled, but I know there's people that don't so I try to accommodate that when I can.

This web garden looks nice and dandy, but maybe a static image of the sites and a "report" button would be enough against that security nightmare of Frames or Iframes.

Travelling across the internet without some kind of script blocker is a whole nightmare in itself!

I dunno, I feel like the whole point of web gardens it to be interactable; that's what makes them unique to other shareable / adoptable things like Teeny Towers. I could see a separate option where it's plain HTML and CSS code blocks you share instead though.

[Guest]

Open source is supposed to be safe because everyone can look at the source code and inspect it. But how many want or can look through code and see what's happening? The Ubuntu kernal has 30 million lines of code in it!

... thousands and thousands of people? The Linux kernel is the most documented and studied piece of software around. It's certainly better than having nothing to look at.