>> Unfortunately the genie is out of the bottle already. The web by and large requires javascript, and it's not likely to change.
>This fatalist stance is childish, and dangerous. As long as there are people working to make things better, things do improve.
How is it any more of a fatalist stance than the idea that javascript or running untrusted code in a sandbox is fundamentally broken?
Personally I think it's easier and more likely that we attempt to fix a few web browsers than expect millions of websites to change. You might call it fatalism, but I think of it as realism.
>> It's not like users can be relied on to do the right thing all the time anyway.
> So, if you aren't sure you locked the front door of your house, then it also doesn't matter if you left the door to the garden open? Clearly not!
My point was not that security is useless because users are unreliable. My point was that it's better to keep the kids in the sandbox, than to have them play in a busy street. Security should be preserved in spite of users actions, not rely on them.
> Personally I think it's easier and more likely that we attempt to fix a few web browsers than expect a millions of websites to change.
This is the same argument I criticized before. The world doesn't change completely over night because one changes their own actions, and that is fine. These million websites maybe never change, and that's what we'd have to live with.
>This fatalist stance is childish, and dangerous. As long as there are people working to make things better, things do improve.
How is it any more of a fatalist stance than the idea that javascript or running untrusted code in a sandbox is fundamentally broken?
Personally I think it's easier and more likely that we attempt to fix a few web browsers than expect millions of websites to change. You might call it fatalism, but I think of it as realism.
>> It's not like users can be relied on to do the right thing all the time anyway.
> So, if you aren't sure you locked the front door of your house, then it also doesn't matter if you left the door to the garden open? Clearly not!
My point was not that security is useless because users are unreliable. My point was that it's better to keep the kids in the sandbox, than to have them play in a busy street. Security should be preserved in spite of users actions, not rely on them.