Fully agree with your comments (although not particularly with the indexedDB ones)
I see the problem is that we have built up the web to be a place to trust software, while someone may be able to steal my password, I know that a web app isnt going to be able to wipe my hard drive. That is mostly because right now web apps have little privileges to actually do anything (and even with those little privileges we have still been plagued with xss / csrf attacks)
I fully agree that we need to have lower level API's in place so users can build technology from the bottom up, but I think before that happens we need to build the parts of the platform that allow that access without leaving users open to abuse.
This is happening right now with b2g, since it has a mail client there is mozTcpSocket being exposed, however obviously not every web app is going to have access, and afaik it will only be exposed to signed / trusted applications. But I am excited to see the ball rolling.
I see the problem is that we have built up the web to be a place to trust software, while someone may be able to steal my password, I know that a web app isnt going to be able to wipe my hard drive. That is mostly because right now web apps have little privileges to actually do anything (and even with those little privileges we have still been plagued with xss / csrf attacks)
I fully agree that we need to have lower level API's in place so users can build technology from the bottom up, but I think before that happens we need to build the parts of the platform that allow that access without leaving users open to abuse.
This is happening right now with b2g, since it has a mail client there is mozTcpSocket being exposed, however obviously not every web app is going to have access, and afaik it will only be exposed to signed / trusted applications. But I am excited to see the ball rolling.