New Linux Desktop Environment Built on Firefox 198
IL-CSIXTY4 writes "'Pyro is a new kind of desktop environment for Linux built on Mozilla Firefox. Its goal is to enable true integration between the Web and modern desktop computing.'
This looks like an interesting marriage of the web and the desktop. In Pyro, Web apps run in windows on the desktop, right alongside desktop apps (through compositing). Features expected in a desktop environment, like task/window selection and an Expose-like function, are written in Javascript." "
IE4 Anyone? (Score:5, Insightful)
Re:Haven't we done this before? (Score:5, Insightful)
Re:Somehow familliar (Score:3, Insightful)
"In theory, practice and theory are the same. In practice, they're not"
Winnie The Pooh
Modern computers don't make everything "wait" for something to happen. They multitask. Even modern browsers (Opera, IE, Safari) multitask. Firefox doesn't.
For Firefox, loading of several files over the network is a Very Important Thing, and it'll just hang in mid-action waiting for the network to say something. That's pretty bad.
JavaScript has no concept of threads. Also it has no concept of security, apart from the "100% trusted" or "100% not-trusted" sandbox.
It'll be very funny to watch this project fail into obscurity, for those interested. I'm not.
Re:First read (Score:3, Insightful)
Yeah, I don't like the sound of this either. Seems like a two-level trust scheme: trusted websites have access to everything.
One of the design flaws in present day GUIs (including all the X11-based GUIs for Linux) is that one malicious application can compromise the entire GUI if it can open a window. This is true even if you take the sensible step of running untrusted applications as another user: you still have to give them access to your display, so (for example) a compromised Firefox can still act as a global keylogger even if it's running as nobody. There are ways to avoid this in X11 (using Xnest for example) but these are rarely used because they don't integrate well with other applications.
Is that design flaw now being extended to include web applications loaded from a possibly compromised remote server? Written in Javascript, which has proved notoriously hard to secure? Sounds nasty. Secure sandboxing should be built into every level of both the OS and GUI design so that nothing has to be "trusted".
Re:IE4 Anyone? (Score:5, Insightful)
Re:Does this mean... (Score:4, Insightful)
So what is it that makes this any different?
Re:IE4 Anyone? (Score:4, Insightful)
Re:Desktop environment built on bugs? (Score:3, Insightful)
-matthew
Use the hammer! (Score:3, Insightful)
When you're so tunnel blind that all you can see is the web, then everything starts looking like a web page.