As I recently mentioned, I’d like us to try a challenge problem as a new community activity.
Theme
The theme for the first challenge problem is “fearless extensibility”. Why “fearless”…? Allowing extension authors complete freedom to change all aspects of a system may seem like a malleable path to take, but it carries with it maintenance and security headaches:
- system maintainers (who are likely to be different from users and extension authors) tend to view fully open extension frameworks as a compatibility nightmare, as any future system change has the potential to break extensions
- malicious actors can take advantage of powerful extension pathways to inject malware, break security mechanisms, and perform various other undesired actions
- users worry they may break the system as they do not have full context on the impact of changes
Some people may try to dismiss such concerns by pushing those responsibilities to the extension user, but malleability is meant to empower all users of computation. Requiring everyone to become software experts is not a viable path.
How can we achieve powerful extensibility to configure systems to meet our individual needs while also reducing security and maintainability risks?
Further context
To explore a few design points in this space, let’s look at an example system: Firefox.
A while ago (before 2015), Firefox extensions were built using the same technologies as the browser itself. Extensions had essentially full control to change anything about the browser. However, extension malware was a recurring problem, and browser developers take user security quite seriously. Additionally, any change to the core of Firefox could potentially break add-ons, which made it very difficult to rearchitect internals.
Around 2015, Mozilla changed Firefox extensions to a Chrome-style approach where only specific extension points are accessible. While this does simplify security and internal rearchitecting, it of course greatly curtails the power of extensions as well, since they now depend on the host platform to allow and implement each capability their extensions require.
Check out the following links if you’d like to read more:
- David Teller’s 2020 blog post on Mozilla’s decisions
- Geoffrey Litt’s 2024 comments on browser extensions
- Kartik’s reply in the same discussion
To be clear, this challenge problem theme is not just about browsers. Instead, it is about extensibility across all software systems. Submissions are free to consider extensibility both conceptually across all systems and practically in the context of particular systems.
Submission
Submissions are due on 2024-11-01 (anywhere on Earth), though of course feel free to submit any time before then. Some people may want to build something to illustrate their ideas, and hopefully a few months allows time to do that. Having a deadline gives people something to aim for, instead of falling into the trap of polishing indefinitely without actually sharing anything.
There is no required format or length for a submission. You could write an article, record a video, build a demo, or some mix of those. It could be long or short. It should show that you have thought deeply about the theme. Submissions are also free to reject the premise of theme, as long as you make a persuasive argument. Of course, you are expected to abide by our code of conduct.
Submissions can be hosted wherever. You can submit by creating a new thread in this category on the forum. Your submission thread can either contain the submission directly or link to something hosted elsewhere.
After the deadline, I plan to summarise all the submissions and share my perspective. To be clear though, there are no awards to give out. Everyone will be left to their own judgement to decide which is best according their own needs and preferences.
Participants will also be encouraged to share their own summary and reflection on the other submissions that have come in. After having thought about the theme for several months, they are likely well-placed to learn from and comment on the work of others.
I am thinking of this process as a virtual workshop of sorts, but submissions will appear gradually over time, with a final round-up after the deadline.
If you have any feedback on the theme or questions about the mechanics, this thread is a good place for that. When you are ready to make a submission, create a new thread in this category.