Challenge problem: Fearless extensibility

As I recently mentioned, I’d like us to try a challenge problem as a new community activity.

Theme

The theme for the first challenge problem is “fearless extensibility”. Why “fearless”…? Allowing extension authors complete freedom to change all aspects of a system may seem like a malleable path to take, but it carries with it maintenance and security headaches:

  • system maintainers (who are likely to be different from users and extension authors) tend to view fully open extension frameworks as a compatibility nightmare, as any future system change has the potential to break extensions
  • malicious actors can take advantage of powerful extension pathways to inject malware, break security mechanisms, and perform various other undesired actions
  • users worry they may break the system as they do not have full context on the impact of changes

Some people may try to dismiss such concerns by pushing those responsibilities to the extension user, but malleability is meant to empower all users of computation. Requiring everyone to become software experts is not a viable path.

How can we achieve powerful extensibility to configure systems to meet our individual needs while also reducing security and maintainability risks?

Further context

To explore a few design points in this space, let’s look at an example system: Firefox.

A while ago (before 2015), Firefox extensions were built using the same technologies as the browser itself. Extensions had essentially full control to change anything about the browser. However, extension malware was a recurring problem, and browser developers take user security quite seriously. Additionally, any change to the core of Firefox could potentially break add-ons, which made it very difficult to rearchitect internals.

Around 2015, Mozilla changed Firefox extensions to a Chrome-style approach where only specific extension points are accessible. While this does simplify security and internal rearchitecting, it of course greatly curtails the power of extensions as well, since they now depend on the host platform to allow and implement each capability their extensions require.

Check out the following links if you’d like to read more:

To be clear, this challenge problem theme is not just about browsers. Instead, it is about extensibility across all software systems. Submissions are free to consider extensibility both conceptually across all systems and practically in the context of particular systems.

Submission

Submissions are due on 2024-11-01 (anywhere on Earth), though of course feel free to submit any time before then. Some people may want to build something to illustrate their ideas, and hopefully a few months allows time to do that. Having a deadline gives people something to aim for, instead of falling into the trap of polishing indefinitely without actually sharing anything.

There is no required format or length for a submission. You could write an article, record a video, build a demo, or some mix of those. It could be long or short. It should show that you have thought deeply about the theme. Submissions are also free to reject the premise of theme, as long as you make a persuasive argument. :slightly_smiling_face: Of course, you are expected to abide by our code of conduct.

Submissions can be hosted wherever. You can submit by creating a new thread in this category on the forum. Your submission thread can either contain the submission directly or link to something hosted elsewhere.

After the deadline, I plan to summarise all the submissions and share my perspective. To be clear though, there are no awards to give out. Everyone will be left to their own judgement to decide which is best according their own needs and preferences.

Participants will also be encouraged to share their own summary and reflection on the other submissions that have come in. After having thought about the theme for several months, they are likely well-placed to learn from and comment on the work of others.

I am thinking of this process as a virtual workshop of sorts, but submissions will appear gradually over time, with a final round-up after the deadline.


If you have any feedback on the theme or questions about the mechanics, this thread is a good place for that. When you are ready to make a submission, create a new thread in this category.

5 Likes

This is good timing, because I’ve been off exploring other directions but lately I’ve been taking a step back to assess the idea maze more broadly.

Major issues that occur to me:

  • There’s some trade-off between security and capability. To some extent it seems irreducible. But I wonder if we can get closer to an optimum than current apps (e.g. Emacs, Firefox, Wordpress, etc.) get us.
  • To truly get security the system needs to publish invariants. I think having a shared set of invariants will help everyone get on the same page about whether the provided extension points are secure w.r.t. the invariants.
  • Preserving invariants will be very challenging in the presence of new features. It’s very easy for a new feature to interact with every feature you’ve added so far, resulting in a jailbreak/vulnerability. Maybe model-checkers would be useful here? (After you’ve specified invariants.) But in general, I think a principled set of extension points that preserve invariants will create a force against new features. Which seems like a good thing.
2 Likes

Some other meditations/studies at least tangentially related to extensibility generally and browsers specifically:

2 Likes

Nice topic! The deadline is now in my agenda. I hope I will find time to contribute something!

2 Likes

There’s 1 month left until the submission deadline for this challenge problem (due on 2024-11-01)! I’m excited to see what appears. :smile:

Come on people!!!

I got nothin’!

!!! (making up 20 characters)

The challenge problem submission window has now closed! :checkered_flag: Thanks to everyone who contributed along the way. :smile:

I would encourage everyone who participated (and also anyone else interested) to check out each of the submissions and share your reflections on them. Feel free to do so however you prefer: as a reply here in the problem thread, in a new thread covering all submissions, in replies to each submission, on your blog that you link to, etc.

3 Likes

I’m very happy to see submissions came up right until the last minute :slight_smile: Lots of interesting takes, I’ll have to chew on em for a bit.

2 Likes